ID

VAR-202004-2159


CVE

CVE-2020-8477


TITLE

Cross-site scripting vulnerability in ABB System 800xA Information Manager

Trust: 0.8

sources: JVNDB: JVNDB-2020-004735

DESCRIPTION

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack against an authenticated local user, which might lead to execution of arbitrary code. ABB System 800xA Information Manager contains a cross-site scripting vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (denial of service, DoS). The system supports access to real-time and historical information of all applications in the automation system.

Trust: 2.79

sources: NVD: CVE-2020-8477 // JVNDB: JVNDB-2020-004735 // CNVD: CNVD-2020-25013 // IVD: 12e913e3-3031-4345-a042-2b0d4eacb530 // IVD: d08f5232-65f7-48cd-a26b-3ed5516b140f // IVD: 860e432b-063b-4999-a116-57846b798bf8 // VULHUB: VHN-186602

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 1.2

sources: IVD: 12e913e3-3031-4345-a042-2b0d4eacb530 // IVD: d08f5232-65f7-48cd-a26b-3ed5516b140f // IVD: 860e432b-063b-4999-a116-57846b798bf8 // CNVD: CNVD-2020-25013

AFFECTED PRODUCTS

vendor: abb
model: system 800xa information manager
scope: eq
version: 6.1

Trust: 2.0

vendor: abb
model: -
scope: eq
version: *

Trust: 1.8

vendor: abb
model: system 800xa information manager
scope: eq
version: 5.1

Trust: 1.4

vendor: abb
model: 800xa information manager
scope: eq
version: 6.1

Trust: 1.0

vendor: abb
model: 800xa information manager
scope: eq
version: 5.1

Trust: 1.0

vendor: abb
model: 800xa information manager
scope: gte
version: 6.0.0

Trust: 1.0

vendor: abb
model: 800xa information manager
scope: lte
version: 6.0.3.2

Trust: 1.0

vendor: abb
model: system 800xa information manager
scope: eq
version: 6.0 to 6.0.3.2

Trust: 0.8

vendor: abb
model: system 800xa information manager
scope: eq
version: 5.1*

Trust: 0.6

vendor: abb
model: system 800xa information manager
scope: gte
version: 6.0<=6.0.3.2

Trust: 0.6

vendor: abb
model: system 800xa information manager
scope: gte
version: 6.0,<=6.0.3.2

Trust: 0.6

sources: IVD: 12e913e3-3031-4345-a042-2b0d4eacb530 // IVD: d08f5232-65f7-48cd-a26b-3ed5516b140f // IVD: 860e432b-063b-4999-a116-57846b798bf8 // CNVD: CNVD-2020-25013 // JVNDB: JVNDB-2020-004735 // NVD: CVE-2020-8477

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8477
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8477
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004735
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-25013
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-1906
value: HIGH

Trust: 0.6

IVD: 12e913e3-3031-4345-a042-2b0d4eacb530
value: HIGH

Trust: 0.2

IVD: d08f5232-65f7-48cd-a26b-3ed5516b140f
value: HIGH

Trust: 0.2

IVD: 860e432b-063b-4999-a116-57846b798bf8
value: HIGH

Trust: 0.2

VULHUB: VHN-186602
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8477
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004735
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-25013
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 12e913e3-3031-4345-a042-2b0d4eacb530
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: d08f5232-65f7-48cd-a26b-3ed5516b140f
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 860e432b-063b-4999-a116-57846b798bf8
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-186602
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8477
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-004735
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 12e913e3-3031-4345-a042-2b0d4eacb530 // IVD: d08f5232-65f7-48cd-a26b-3ed5516b140f // IVD: 860e432b-063b-4999-a116-57846b798bf8 // CNVD: CNVD-2020-25013 // VULHUB: VHN-186602 // JVNDB: JVNDB-2020-004735 // CNNVD: CNNVD-202004-1906 // NVD: CVE-2020-8477 // NVD: CVE-2020-8477

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

problemtype:CWE-489

Trust: 1.0

sources: VULHUB: VHN-186602 // JVNDB: JVNDB-2020-004735 // NVD: CVE-2020-8477

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1906

TYPE

other

Trust: 0.6

sources: IVD: 12e913e3-3031-4345-a042-2b0d4eacb530 // IVD: d08f5232-65f7-48cd-a26b-3ed5516b140f // IVD: 860e432b-063b-4999-a116-57846b798bf8

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004735

PATCH

title: SECURITY System 800xA InformationManager - Remote Code Execution
url: https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

sources: JVNDB: JVNDB-2020-004735

EXTERNAL IDS

db: NVD
id: CVE-2020-8477

Trust: 3.7

db: ICS CERT
id: ICSA-20-184-02

Trust: 1.4

db: CNVD
id: CNVD-2020-25013

Trust: 1.3

db: CNNVD
id: CNNVD-202004-1906

Trust: 1.3

db: JVN
id: JVNVU96482880

Trust: 0.8

db: JVNDB
id: JVNDB-2020-004735

Trust: 0.8

db: AUSCERT
id: ESB-2020.2295

Trust: 0.6

db: NSFOCUS
id: 46753

Trust: 0.6

db: IVD
id: 12E913E3-3031-4345-A042-2B0D4EACB530

Trust: 0.2

db: IVD
id: D08F5232-65F7-48CD-A26B-3ED5516B140F

Trust: 0.2

db: IVD
id: 860E432B-063B-4999-A116-57846B798BF8

Trust: 0.2

db: VULHUB
id: VHN-186602

Trust: 0.1

sources: IVD: 12e913e3-3031-4345-a042-2b0d4eacb530 // IVD: d08f5232-65f7-48cd-a26b-3ed5516b140f // IVD: 860e432b-063b-4999-a116-57846b798bf8 // CNVD: CNVD-2020-25013 // VULHUB: VHN-186602 // JVNDB: JVNDB-2020-004735 // CNNVD: CNNVD-202004-1906 // NVD: CVE-2020-8477

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-8477

Trust: 2.0

url:https://search.abb.com/library/download.aspx?documentid=2paa121232&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-184-02

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8477

Trust: 0.8

url:https://jvn.jp/vu/jvnvu96482880/

Trust: 0.8

url:http://www.nsfocus.net/vulndb/46753

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2295/

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=2paa121232&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: CNVD: CNVD-2020-25013 // VULHUB: VHN-186602 // JVNDB: JVNDB-2020-004735 // CNNVD: CNNVD-202004-1906 // NVD: CVE-2020-8477

SOURCES

db: IVD, id: 12e913e3-3031-4345-a042-2b0d4eacb530
db: IVD, id: d08f5232-65f7-48cd-a26b-3ed5516b140f
db: IVD, id: 860e432b-063b-4999-a116-57846b798bf8
db: CNVD, id: CNVD-2020-25013
db: VULHUB, id: VHN-186602
db: JVNDB, id: JVNDB-2020-004735
db: CNNVD, id: CNNVD-202004-1906
db: NVD, id: CVE-2020-8477

LAST UPDATE DATE

2024-11-23T23:11:26.307000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-25013, date: 2021-02-23T00:00:00
db: VULHUB, id: VHN-186602, date: 2020-04-30T00:00:00
db: JVNDB, id: JVNDB-2020-004735, date: 2020-07-06T00:00:00
db: CNNVD, id: CNNVD-202004-1906, date: 2020-07-06T00:00:00
db: NVD, id: CVE-2020-8477, date: 2024-11-21T05:38:54.967

SOURCES RELEASE DATE

db: IVD, id: 12e913e3-3031-4345-a042-2b0d4eacb530, date: 2020-04-22T00:00:00
db: IVD, id: d08f5232-65f7-48cd-a26b-3ed5516b140f, date: 2020-04-22T00:00:00
db: IVD, id: 860e432b-063b-4999-a116-57846b798bf8, date: 2020-04-22T00:00:00
db: CNVD, id: CNVD-2020-25013, date: 2020-04-23T00:00:00
db: VULHUB, id: VHN-186602, date: 2020-04-22T00:00:00
db: JVNDB, id: JVNDB-2020-004735, date: 2020-05-26T00:00:00
db: CNNVD, id: CNNVD-202004-1906, date: 2020-04-22T00:00:00
db: NVD, id: CVE-2020-8477, date: 2020-04-22T15:15:14.863