Details of VAR-202004-2160

ID

VAR-202004-2160

CVE

CVE-2020-8478

TITLE

plural ABB System 800xA Product injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-005098

DESCRIPTION

Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder. ABB System 800xA OPC Server , MMS Server , Base Software There is an injection vulnerability in.Information may be tampered with. ABB Ability System 800xA is a set of distributed control system for industrial control industry of Swiss ABB company. ABB System 800xA (all versions) has a vulnerability in permissions and access control issues. Local attackers can use this vulnerability to inject data and affect the runtime data view displayed in Control Builder

Trust: 2.7

sources: NVD: CVE-2020-8478 // JVNDB: JVNDB-2020-005098 // CNVD: CNVD-2020-27092 // IVD: 312dc9a8-3ca7-47ce-9fa3-94e1861c2182 // IVD: a1528372-cc95-4561-8b06-d005517efc9b // VULHUB: VHN-186603 // VULMON: CVE-2020-8478

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 312dc9a8-3ca7-47ce-9fa3-94e1861c2182 // IVD: a1528372-cc95-4561-8b06-d005517efc9b // CNVD: CNVD-2020-27092

AFFECTED PRODUCTS

vendor:	abb	model:	base software	scope:	eq	version:	*	Trust: 1.1
vendor:	abb	model:	mms server	scope:	eq	version:	*	Trust: 1.1
vendor:	abb	model:	opc server	scope:	eq	version:	*	Trust: 1.1
vendor:	abb	model:	basesoftware	scope:	eq	version:	for softcontrol	Trust: 0.8
vendor:	abb	model:	mmsserver	scope:	-	version:	-	Trust: 0.8
vendor:	abb	model:	opcserver	scope:	-	version:	-	Trust: 0.8
vendor:	abb	model:	system 800xa	scope:	-	version:	-	Trust: 0.6
vendor:	mms server	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	opc server	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	base	model:	-	scope:	eq	version:	*	Trust: 0.4

sources: IVD: 312dc9a8-3ca7-47ce-9fa3-94e1861c2182 // IVD: a1528372-cc95-4561-8b06-d005517efc9b // CNVD: CNVD-2020-27092 // VULMON: CVE-2020-8478 // JVNDB: JVNDB-2020-005098 // NVD: CVE-2020-8478

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8478
value:	LOW
Trust: 1.0
cybersecurity@ch.abb.com:	CVE-2020-8478
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-005098
value:	LOW
Trust: 0.8
CNVD:	CNVD-2020-27092
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2368
value:	LOW
Trust: 0.6
IVD:	312dc9a8-3ca7-47ce-9fa3-94e1861c2182
value:	LOW
Trust: 0.2
IVD:	a1528372-cc95-4561-8b06-d005517efc9b
value:	LOW
Trust: 0.2
VULHUB:	VHN-186603
value:	LOW
Trust: 0.1
VULMON:	CVE-2020-8478
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-8478
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005098
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-27092
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	312dc9a8-3ca7-47ce-9fa3-94e1861c2182
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	a1528372-cc95-4561-8b06-d005517efc9b
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-186603
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8478
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
cybersecurity@ch.abb.com:	CVE-2020-8478
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-005098
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 312dc9a8-3ca7-47ce-9fa3-94e1861c2182 // IVD: a1528372-cc95-4561-8b06-d005517efc9b // CNVD: CNVD-2020-27092 // VULHUB: VHN-186603 // VULMON: CVE-2020-8478 // JVNDB: JVNDB-2020-005098 // CNNVD: CNNVD-202004-2368 // NVD: CVE-2020-8478 // NVD: CVE-2020-8478

PROBLEMTYPE DATA

problemtype:	CWE-74	Trust: 1.9
problemtype:	CWE-264	Trust: 1.0

sources: VULHUB: VHN-186603 // JVNDB: JVNDB-2020-005098 // NVD: CVE-2020-8478

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2368

TYPE

injection

Trust: 1.0

sources: IVD: 312dc9a8-3ca7-47ce-9fa3-94e1861c2182 // IVD: a1528372-cc95-4561-8b06-d005517efc9b // CNNVD: CNNVD-202004-2368

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005098

PATCH

title:

SECURITY Inter process communication vulnerability in System 800xA

url:

https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

sources: JVNDB: JVNDB-2020-005098

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8478	Trust: 3.6
db:	ICS CERT	id:	ICSA-20-154-03	Trust: 1.4
db:	CNVD	id:	CNVD-2020-27092	Trust: 1.1
db:	CNNVD	id:	CNNVD-202004-2368	Trust: 1.1
db:	JVN	id:	JVNVU94921886	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-005098	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.1923	Trust: 0.6
db:	IVD	id:	312DC9A8-3CA7-47CE-9FA3-94E1861C2182	Trust: 0.2
db:	IVD	id:	A1528372-CC95-4561-8B06-D005517EFC9B	Trust: 0.2
db:	VULHUB	id:	VHN-186603	Trust: 0.1
db:	VULMON	id:	CVE-2020-8478	Trust: 0.1

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-8478	Trust: 2.0
url:	https://search.abb.com/library/download.aspx?documentid=2paa121236&languagecode=en&documentpartid=&action=launch	Trust: 1.7
url:	https://www.us-cert.gov/ics/advisories/icsa-20-154-03	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8478	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu94921886/index.html	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.1923/	Trust: 0.6
url:	https://search.abb.com/library/download.aspx?documentid=2paa121236&languagecode=en&documentpartid=&action=launch	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/74.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-27092 // VULHUB: VHN-186603 // VULMON: CVE-2020-8478 // JVNDB: JVNDB-2020-005098 // CNNVD: CNNVD-202004-2368 // NVD: CVE-2020-8478

SOURCES

db:	IVD	id:	312dc9a8-3ca7-47ce-9fa3-94e1861c2182
db:	IVD	id:	a1528372-cc95-4561-8b06-d005517efc9b
db:	CNVD	id:	CNVD-2020-27092
db:	VULHUB	id:	VHN-186603
db:	VULMON	id:	CVE-2020-8478
db:	JVNDB	id:	JVNDB-2020-005098
db:	CNNVD	id:	CNNVD-202004-2368
db:	NVD	id:	CVE-2020-8478

LAST UPDATE DATE

2024-11-23T21:35:51.972000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-27092	date:	2020-05-08T00:00:00
db:	VULHUB	id:	VHN-186603	date:	2020-05-13T00:00:00
db:	VULMON	id:	CVE-2020-8478	date:	2020-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2020-005098	date:	2020-06-05T00:00:00
db:	CNNVD	id:	CNNVD-202004-2368	date:	2020-06-04T00:00:00
db:	NVD	id:	CVE-2020-8478	date:	2024-11-21T05:38:55.077

SOURCES RELEASE DATE

db:	IVD	id:	312dc9a8-3ca7-47ce-9fa3-94e1861c2182	date:	2020-04-28T00:00:00
db:	IVD	id:	a1528372-cc95-4561-8b06-d005517efc9b	date:	2020-04-28T00:00:00
db:	CNVD	id:	CNVD-2020-27092	date:	2020-05-08T00:00:00
db:	VULHUB	id:	VHN-186603	date:	2020-04-29T00:00:00
db:	VULMON	id:	CVE-2020-8478	date:	2020-04-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-005098	date:	2020-06-05T00:00:00
db:	CNNVD	id:	CNNVD-202004-2368	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2020-8478	date:	2020-04-29T02:15:11.763