Sign-up

ID

VAR-202004-2163


CVE

CVE-2020-8484


TITLE

DCI for ABB System 800xA Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005101

DESCRIPTION

Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. DCI for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for DCI is a set of distributed control system for DCI of Swiss ABB company. ABB System 800xA for DCI (all versions) has a permission permission and access control problem vulnerability

Trust: 2.7

sources: NVD: CVE-2020-8484 // JVNDB: JVNDB-2020-005101 // CNVD: CNVD-2020-27093 // IVD: e609a386-f11a-4898-9a3b-e88bbb68e47e // IVD: ec013e68-1dd8-40c6-909f-cea3c685a26e // VULHUB: VHN-186609 // VULMON: CVE-2020-8484

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: e609a386-f11a-4898-9a3b-e88bbb68e47e // IVD: ec013e68-1dd8-40c6-909f-cea3c685a26e // CNVD: CNVD-2020-27093

AFFECTED PRODUCTS

vendor:abbmodel:800xascope:eqversion:*

Trust: 1.1

vendor:abbmodel:system 800xascope: - version: -

Trust: 0.8

vendor:abbmodel:system 800xa for dciscope: - version: -

Trust: 0.6

vendor:800xamodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: e609a386-f11a-4898-9a3b-e88bbb68e47e // IVD: ec013e68-1dd8-40c6-909f-cea3c685a26e // CNVD: CNVD-2020-27093 // VULMON: CVE-2020-8484 // JVNDB: JVNDB-2020-005101 // NVD: CVE-2020-8484

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8484
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8484
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005101
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-27093
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-2371
value: HIGH

Trust: 0.6

IVD: e609a386-f11a-4898-9a3b-e88bbb68e47e
value: HIGH

Trust: 0.2

IVD: ec013e68-1dd8-40c6-909f-cea3c685a26e
value: HIGH

Trust: 0.2

VULHUB: VHN-186609
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8484
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8484
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005101
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27093
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e609a386-f11a-4898-9a3b-e88bbb68e47e
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: ec013e68-1dd8-40c6-909f-cea3c685a26e
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-186609
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8484
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-005101
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e609a386-f11a-4898-9a3b-e88bbb68e47e // IVD: ec013e68-1dd8-40c6-909f-cea3c685a26e // CNVD: CNVD-2020-27093 // VULHUB: VHN-186609 // VULMON: CVE-2020-8484 // JVNDB: JVNDB-2020-005101 // CNNVD: CNNVD-202004-2371 // NVD: CVE-2020-8484 // NVD: CVE-2020-8484

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2020-005101 // NVD: CVE-2020-8484

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2371

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202004-2371

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005101

PATCH
title:SECURITY Interprocess communication vulnerability in System 800xAurl:https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-005101

EXTERNAL IDS
db:NVDid:CVE-2020-8484
Trust: 3.6
db:ICS CERTid:ICSA-20-154-03
Trust: 1.4
db:CNVDid:CNVD-2020-27093
Trust: 1.1
db:CNNVDid:CNNVD-202004-2371
Trust: 1.1
db:JVNid:JVNVU94921886
Trust: 0.8
db:JVNDBid:JVNDB-2020-005101
Trust: 0.8
db:AUSCERTid:ESB-2020.1923
Trust: 0.6
db:IVDid:E609A386-F11A-4898-9A3B-E88BBB68E47E
Trust: 0.2
db:IVDid:EC013E68-1DD8-40C6-909F-CEA3C685A26E
Trust: 0.2
db:VULHUBid:VHN-186609
Trust: 0.1
db:VULMONid:CVE-2020-8484
Trust: 0.1
sources:
            
            
            IVD: e609a386-f11a-4898-9a3b-e88bbb68e47e // 
            
            
            
            IVD: ec013e68-1dd8-40c6-909f-cea3c685a26e // 
            
            
            
            CNVD: CNVD-2020-27093 // 
            
            
            
            VULHUB: VHN-186609 // 
            
            
            
            VULMON: CVE-2020-8484 // 
            
            
            
            JVNDB: JVNDB-2020-005101 // 
            
            
            
            CNNVD: CNNVD-202004-2371 // 
            
            
            
            NVD: CVE-2020-8484

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-8484
Trust: 2.0
url:https://search.abb.com/library/download.aspx?documentid=2paa121236&languagecode=en&documentpartid=&action=launch
Trust: 1.7
url:https://www.us-cert.gov/ics/advisories/icsa-20-154-03
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8484
Trust: 0.8
url:https://jvn.jp/vu/jvnvu94921886/index.html
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1923/
Trust: 0.6
url:https://search.abb.com/library/download.aspx?documentid=2paa121236&languagecode=en&documentpartid=&action=launch
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-27093 // 
            
            
            
            VULHUB: VHN-186609 // 
            
            
            
            VULMON: CVE-2020-8484 // 
            
            
            
            JVNDB: JVNDB-2020-005101 // 
            
            
            
            CNNVD: CNNVD-202004-2371 // 
            
            
            
            NVD: CVE-2020-8484

SOURCES
db:IVDid:e609a386-f11a-4898-9a3b-e88bbb68e47e
db:IVDid:ec013e68-1dd8-40c6-909f-cea3c685a26e
db:CNVDid:CNVD-2020-27093
db:VULHUBid:VHN-186609
db:VULMONid:CVE-2020-8484
db:JVNDBid:JVNDB-2020-005101
db:CNNVDid:CNNVD-202004-2371
db:NVDid:CVE-2020-8484

LAST UPDATE DATE
2024-11-23T21:35:51.818000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-27093date:2020-05-08T00:00:00
db:VULHUBid:VHN-186609date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-8484date:2020-05-08T00:00:00
db:JVNDBid:JVNDB-2020-005101date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2371date:2020-06-08T00:00:00
db:NVDid:CVE-2020-8484date:2024-11-21T05:38:55.543

SOURCES RELEASE DATE
db:IVDid:e609a386-f11a-4898-9a3b-e88bbb68e47edate:2020-04-28T00:00:00
db:IVDid:ec013e68-1dd8-40c6-909f-cea3c685a26edate:2020-04-28T00:00:00
db:CNVDid:CNVD-2020-27093date:2020-05-08T00:00:00
db:VULHUBid:VHN-186609date:2020-04-29T00:00:00
db:VULMONid:CVE-2020-8484date:2020-04-29T00:00:00
db:JVNDBid:JVNDB-2020-005101date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2371date:2020-04-28T00:00:00
db:NVDid:CVE-2020-8484date:2020-04-29T02:15:12.013