Sign-up

ID

VAR-202004-2166


CVE

CVE-2020-8487


TITLE

ABB System 800xA Base Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005102

DESCRIPTION

Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. ABB System 800xA Base There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA Base is a set of distributed control system for industrial control industry of Swiss ABB company. ABB System 800xA Base (all versions) has a vulnerability in permissions and access control issues

Trust: 2.7

sources: NVD: CVE-2020-8487 // JVNDB: JVNDB-2020-005102 // CNVD: CNVD-2020-27096 // IVD: 0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a // IVD: 63e16e8b-a907-4e29-a713-0e17f8203270 // VULHUB: VHN-186612 // VULMON: CVE-2020-8487

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a // IVD: 63e16e8b-a907-4e29-a713-0e17f8203270 // CNVD: CNVD-2020-27096

AFFECTED PRODUCTS

vendor:abbmodel:system 800xa basescope: - version: -

Trust: 1.4

vendor:abbmodel:800xa base systemscope:eqversion:*

Trust: 1.0

vendor:800xa base systemmodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: 0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a // IVD: 63e16e8b-a907-4e29-a713-0e17f8203270 // CNVD: CNVD-2020-27096 // JVNDB: JVNDB-2020-005102 // NVD: CVE-2020-8487

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8487
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8487
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005102
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-27096
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2373
value: HIGH

Trust: 0.6

IVD: 0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a
value: HIGH

Trust: 0.2

IVD: 63e16e8b-a907-4e29-a713-0e17f8203270
value: HIGH

Trust: 0.2

VULHUB: VHN-186612
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8487
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8487
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005102
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27096
severity: MEDIUM
baseScore: 6.1
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a
severity: MEDIUM
baseScore: 6.1
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 63e16e8b-a907-4e29-a713-0e17f8203270
severity: MEDIUM
baseScore: 6.1
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-186612
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8487
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8487
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005102
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a // IVD: 63e16e8b-a907-4e29-a713-0e17f8203270 // CNVD: CNVD-2020-27096 // VULHUB: VHN-186612 // VULMON: CVE-2020-8487 // JVNDB: JVNDB-2020-005102 // CNNVD: CNNVD-202004-2373 // NVD: CVE-2020-8487 // NVD: CVE-2020-8487

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2020-005102 // NVD: CVE-2020-8487

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2373

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202004-2373

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005102

PATCH
title:SECURITY Interprocess communication vulnerability in System 800xAurl:https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-005102

EXTERNAL IDS
db:NVDid:CVE-2020-8487
Trust: 3.6
db:ICS CERTid:ICSA-20-154-03
Trust: 1.4
db:CNVDid:CNVD-2020-27096
Trust: 1.1
db:CNNVDid:CNNVD-202004-2373
Trust: 1.1
db:JVNid:JVNVU94921886
Trust: 0.8
db:JVNDBid:JVNDB-2020-005102
Trust: 0.8
db:AUSCERTid:ESB-2020.1923
Trust: 0.6
db:IVDid:0FC0B57B-C7DD-46C6-B2BD-4AC105F5245A
Trust: 0.2
db:IVDid:63E16E8B-A907-4E29-A713-0E17F8203270
Trust: 0.2
db:VULHUBid:VHN-186612
Trust: 0.1
db:VULMONid:CVE-2020-8487
Trust: 0.1
sources:
            
            
            IVD: 0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a // 
            
            
            
            IVD: 63e16e8b-a907-4e29-a713-0e17f8203270 // 
            
            
            
            CNVD: CNVD-2020-27096 // 
            
            
            
            VULHUB: VHN-186612 // 
            
            
            
            VULMON: CVE-2020-8487 // 
            
            
            
            JVNDB: JVNDB-2020-005102 // 
            
            
            
            CNNVD: CNNVD-202004-2373 // 
            
            
            
            NVD: CVE-2020-8487

REFERENCES
url:https://search.abb.com/library/download.aspx?documentid=2paa121236&languagecode=en&documentpartid=&action=launch
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-8487
Trust: 2.0
url:https://www.us-cert.gov/ics/advisories/icsa-20-154-03
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8487
Trust: 0.8
url:https://jvn.jp/vu/jvnvu94921886/index.html
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1923/
Trust: 0.6
url:https://search.abb.com/library/download.aspx?documentid=2paa121236&languagecode=en&documentpartid=&action=launch
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-27096 // 
            
            
            
            VULHUB: VHN-186612 // 
            
            
            
            VULMON: CVE-2020-8487 // 
            
            
            
            JVNDB: JVNDB-2020-005102 // 
            
            
            
            CNNVD: CNNVD-202004-2373 // 
            
            
            
            NVD: CVE-2020-8487

SOURCES
db:IVDid:0fc0b57b-c7dd-46c6-b2bd-4ac105f5245a
db:IVDid:63e16e8b-a907-4e29-a713-0e17f8203270
db:CNVDid:CNVD-2020-27096
db:VULHUBid:VHN-186612
db:VULMONid:CVE-2020-8487
db:JVNDBid:JVNDB-2020-005102
db:CNNVDid:CNNVD-202004-2373
db:NVDid:CVE-2020-8487

LAST UPDATE DATE
2024-11-23T21:35:51.557000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-27096date:2020-05-08T00:00:00
db:VULHUBid:VHN-186612date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-8487date:2020-05-08T00:00:00
db:JVNDBid:JVNDB-2020-005102date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2373date:2020-06-08T00:00:00
db:NVDid:CVE-2020-8487date:2024-11-21T05:38:55.850

SOURCES RELEASE DATE
db:IVDid:0fc0b57b-c7dd-46c6-b2bd-4ac105f5245adate:2020-04-28T00:00:00
db:IVDid:63e16e8b-a907-4e29-a713-0e17f8203270date:2020-04-28T00:00:00
db:CNVDid:CNVD-2020-27096date:2020-05-08T00:00:00
db:VULHUBid:VHN-186612date:2020-04-29T00:00:00
db:VULMONid:CVE-2020-8487date:2020-04-29T00:00:00
db:JVNDBid:JVNDB-2020-005102date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2373date:2020-04-28T00:00:00
db:NVDid:CVE-2020-8487date:2020-04-29T02:15:12.343