Sign-up

ID

VAR-202004-2164


CVE

CVE-2020-8485


TITLE

MOD 300 for ABB System 800xA Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005047

DESCRIPTION

Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. MOD 300 for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for MOD 300 is a set of distributed control system for MOD 300 of Swiss ABB company

Trust: 2.7

sources: NVD: CVE-2020-8485 // JVNDB: JVNDB-2020-005047 // CNVD: CNVD-2020-27094 // IVD: a95fe2e9-2ad9-4397-acee-b75aea6365aa // IVD: 58f66f62-2f58-4515-806d-a715cbb1ed80 // VULHUB: VHN-186610 // VULMON: CVE-2020-8485

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: a95fe2e9-2ad9-4397-acee-b75aea6365aa // IVD: 58f66f62-2f58-4515-806d-a715cbb1ed80 // CNVD: CNVD-2020-27094

AFFECTED PRODUCTS

vendor:abbmodel:800xascope:eqversion:*

Trust: 1.1

vendor:abbmodel:system 800xascope: - version: -

Trust: 0.8

vendor:abbmodel:system 800xa for modscope:eqversion:300

Trust: 0.6

vendor:800xamodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: a95fe2e9-2ad9-4397-acee-b75aea6365aa // IVD: 58f66f62-2f58-4515-806d-a715cbb1ed80 // CNVD: CNVD-2020-27094 // VULMON: CVE-2020-8485 // JVNDB: JVNDB-2020-005047 // NVD: CVE-2020-8485

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8485
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8485
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005047
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-27094
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2372
value: HIGH

Trust: 0.6

IVD: a95fe2e9-2ad9-4397-acee-b75aea6365aa
value: HIGH

Trust: 0.2

IVD: 58f66f62-2f58-4515-806d-a715cbb1ed80
value: HIGH

Trust: 0.2

VULHUB: VHN-186610
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8485
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8485
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005047
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27094
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: a95fe2e9-2ad9-4397-acee-b75aea6365aa
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 58f66f62-2f58-4515-806d-a715cbb1ed80
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-186610
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8485
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-005047
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: a95fe2e9-2ad9-4397-acee-b75aea6365aa // IVD: 58f66f62-2f58-4515-806d-a715cbb1ed80 // CNVD: CNVD-2020-27094 // VULHUB: VHN-186610 // VULMON: CVE-2020-8485 // JVNDB: JVNDB-2020-005047 // CNNVD: CNNVD-202004-2372 // NVD: CVE-2020-8485 // NVD: CVE-2020-8485

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2020-005047 // NVD: CVE-2020-8485

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2372

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202004-2372

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005047

PATCH
title:SECURITY Interprocess communication vulnerability in System 800xAurl:https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-005047

EXTERNAL IDS
db:NVDid:CVE-2020-8485
Trust: 3.6
db:ICS CERTid:ICSA-20-154-03
Trust: 1.4
db:CNVDid:CNVD-2020-27094
Trust: 1.1
db:CNNVDid:CNNVD-202004-2372
Trust: 1.1
db:JVNid:JVNVU94921886
Trust: 0.8
db:JVNDBid:JVNDB-2020-005047
Trust: 0.8
db:AUSCERTid:ESB-2020.1923
Trust: 0.6
db:IVDid:A95FE2E9-2AD9-4397-ACEE-B75AEA6365AA
Trust: 0.2
db:IVDid:58F66F62-2F58-4515-806D-A715CBB1ED80
Trust: 0.2
db:VULHUBid:VHN-186610
Trust: 0.1
db:VULMONid:CVE-2020-8485
Trust: 0.1
sources:
            
            
            IVD: a95fe2e9-2ad9-4397-acee-b75aea6365aa // 
            
            
            
            IVD: 58f66f62-2f58-4515-806d-a715cbb1ed80 // 
            
            
            
            CNVD: CNVD-2020-27094 // 
            
            
            
            VULHUB: VHN-186610 // 
            
            
            
            VULMON: CVE-2020-8485 // 
            
            
            
            JVNDB: JVNDB-2020-005047 // 
            
            
            
            CNNVD: CNNVD-202004-2372 // 
            
            
            
            NVD: CVE-2020-8485

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-8485
Trust: 2.0
url:https://search.abb.com/library/download.aspx?documentid=2paa121236&languagecode=en&documentpartid=&action=launch
Trust: 1.7
url:https://www.us-cert.gov/ics/advisories/icsa-20-154-03
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8485
Trust: 0.8
url:https://jvn.jp/vu/jvnvu94921886/index.html
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1923/
Trust: 0.6
url:https://search.abb.com/library/download.aspx?documentid=2paa121236&languagecode=en&documentpartid=&action=launch
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-27094 // 
            
            
            
            VULHUB: VHN-186610 // 
            
            
            
            VULMON: CVE-2020-8485 // 
            
            
            
            JVNDB: JVNDB-2020-005047 // 
            
            
            
            CNNVD: CNNVD-202004-2372 // 
            
            
            
            NVD: CVE-2020-8485

SOURCES
db:IVDid:a95fe2e9-2ad9-4397-acee-b75aea6365aa
db:IVDid:58f66f62-2f58-4515-806d-a715cbb1ed80
db:CNVDid:CNVD-2020-27094
db:VULHUBid:VHN-186610
db:VULMONid:CVE-2020-8485
db:JVNDBid:JVNDB-2020-005047
db:CNNVDid:CNNVD-202004-2372
db:NVDid:CVE-2020-8485

LAST UPDATE DATE
2024-11-23T21:35:52.014000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-27094date:2020-05-08T00:00:00
db:VULHUBid:VHN-186610date:2020-05-07T00:00:00
db:VULMONid:CVE-2020-8485date:2020-05-07T00:00:00
db:JVNDBid:JVNDB-2020-005047date:2020-06-10T00:00:00
db:CNNVDid:CNNVD-202004-2372date:2020-06-08T00:00:00
db:NVDid:CVE-2020-8485date:2024-11-21T05:38:55.647

SOURCES RELEASE DATE
db:IVDid:a95fe2e9-2ad9-4397-acee-b75aea6365aadate:2020-04-28T00:00:00
db:IVDid:58f66f62-2f58-4515-806d-a715cbb1ed80date:2020-04-28T00:00:00
db:CNVDid:CNVD-2020-27094date:2020-05-08T00:00:00
db:VULHUBid:VHN-186610date:2020-04-29T00:00:00
db:VULMONid:CVE-2020-8485date:2020-04-29T00:00:00
db:JVNDBid:JVNDB-2020-005047date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2372date:2020-04-28T00:00:00
db:NVDid:CVE-2020-8485date:2020-04-29T02:15:12.203