Sign-up

ID

VAR-202004-2167


CVE

CVE-2020-8488


TITLE

ABB System 800xA Batch Management Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005103

DESCRIPTION

Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities. ABB System 800xA Batch Management There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA Batch Management is an application software package for the configuration, scheduling and management of batch operations by Swiss ABB company

Trust: 2.7

sources: NVD: CVE-2020-8488 // JVNDB: JVNDB-2020-005103 // CNVD: CNVD-2020-27097 // IVD: 75768f16-2a43-4fb1-962e-28c3622e408a // IVD: 68615b50-4c17-4e6c-a667-780a5feb74d6 // VULHUB: VHN-186613 // VULMON: CVE-2020-8488

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 75768f16-2a43-4fb1-962e-28c3622e408a // IVD: 68615b50-4c17-4e6c-a667-780a5feb74d6 // CNVD: CNVD-2020-27097

AFFECTED PRODUCTS

vendor:abbmodel:system 800xa batch managementscope: - version: -

Trust: 1.4

vendor:abbmodel:800xa batch managementscope:eqversion:*

Trust: 1.1

vendor:800xa batch managementmodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: 75768f16-2a43-4fb1-962e-28c3622e408a // IVD: 68615b50-4c17-4e6c-a667-780a5feb74d6 // CNVD: CNVD-2020-27097 // VULMON: CVE-2020-8488 // JVNDB: JVNDB-2020-005103 // NVD: CVE-2020-8488

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8488
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8488
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005103
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-27097
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-2375
value: HIGH

Trust: 0.6

IVD: 75768f16-2a43-4fb1-962e-28c3622e408a
value: HIGH

Trust: 0.2

IVD: 68615b50-4c17-4e6c-a667-780a5feb74d6
value: HIGH

Trust: 0.2

VULHUB: VHN-186613
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8488
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8488
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005103
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27097
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 75768f16-2a43-4fb1-962e-28c3622e408a
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 68615b50-4c17-4e6c-a667-780a5feb74d6
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-186613
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8488
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-005103
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 75768f16-2a43-4fb1-962e-28c3622e408a // IVD: 68615b50-4c17-4e6c-a667-780a5feb74d6 // CNVD: CNVD-2020-27097 // VULHUB: VHN-186613 // VULMON: CVE-2020-8488 // JVNDB: JVNDB-2020-005103 // CNNVD: CNNVD-202004-2375 // NVD: CVE-2020-8488 // NVD: CVE-2020-8488

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2020-005103 // NVD: CVE-2020-8488

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2375

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202004-2375

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005103

PATCH
title:SECURITY Interprocess communication vulnerability in System 800xAurl:https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-005103

EXTERNAL IDS
db:NVDid:CVE-2020-8488
Trust: 3.6
db:ICS CERTid:ICSA-20-154-03
Trust: 1.4
db:CNVDid:CNVD-2020-27097
Trust: 1.1
db:CNNVDid:CNNVD-202004-2375
Trust: 1.1
db:JVNid:JVNVU94921886
Trust: 0.8
db:JVNDBid:JVNDB-2020-005103
Trust: 0.8
db:AUSCERTid:ESB-2020.1923
Trust: 0.6
db:IVDid:75768F16-2A43-4FB1-962E-28C3622E408A
Trust: 0.2
db:IVDid:68615B50-4C17-4E6C-A667-780A5FEB74D6
Trust: 0.2
db:VULHUBid:VHN-186613
Trust: 0.1
db:VULMONid:CVE-2020-8488
Trust: 0.1
sources:
            
            
            IVD: 75768f16-2a43-4fb1-962e-28c3622e408a // 
            
            
            
            IVD: 68615b50-4c17-4e6c-a667-780a5feb74d6 // 
            
            
            
            CNVD: CNVD-2020-27097 // 
            
            
            
            VULHUB: VHN-186613 // 
            
            
            
            VULMON: CVE-2020-8488 // 
            
            
            
            JVNDB: JVNDB-2020-005103 // 
            
            
            
            CNNVD: CNNVD-202004-2375 // 
            
            
            
            NVD: CVE-2020-8488

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-8488
Trust: 2.0
url:https://search.abb.com/library/download.aspx?documentid=2paa121236&languagecode=en&documentpartid=&action=launch
Trust: 1.7
url:https://www.us-cert.gov/ics/advisories/icsa-20-154-03
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8488
Trust: 0.8
url:https://jvn.jp/vu/jvnvu94921886/index.html
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1923/
Trust: 0.6
url:https://search.abb.com/library/download.aspx?documentid=2paa121236&languagecode=en&documentpartid=&action=launch
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-27097 // 
            
            
            
            VULHUB: VHN-186613 // 
            
            
            
            VULMON: CVE-2020-8488 // 
            
            
            
            JVNDB: JVNDB-2020-005103 // 
            
            
            
            CNNVD: CNNVD-202004-2375 // 
            
            
            
            NVD: CVE-2020-8488

SOURCES
db:IVDid:75768f16-2a43-4fb1-962e-28c3622e408a
db:IVDid:68615b50-4c17-4e6c-a667-780a5feb74d6
db:CNVDid:CNVD-2020-27097
db:VULHUBid:VHN-186613
db:VULMONid:CVE-2020-8488
db:JVNDBid:JVNDB-2020-005103
db:CNNVDid:CNNVD-202004-2375
db:NVDid:CVE-2020-8488

LAST UPDATE DATE
2024-11-23T21:35:51.931000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-27097date:2020-05-08T00:00:00
db:VULHUBid:VHN-186613date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-8488date:2020-05-08T00:00:00
db:JVNDBid:JVNDB-2020-005103date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2375date:2020-06-08T00:00:00
db:NVDid:CVE-2020-8488date:2024-11-21T05:38:55.957

SOURCES RELEASE DATE
db:IVDid:75768f16-2a43-4fb1-962e-28c3622e408adate:2020-04-28T00:00:00
db:IVDid:68615b50-4c17-4e6c-a667-780a5feb74d6date:2020-04-28T00:00:00
db:CNVDid:CNVD-2020-27097date:2020-05-08T00:00:00
db:VULHUBid:VHN-186613date:2020-04-29T00:00:00
db:VULMONid:CVE-2020-8488date:2020-04-29T00:00:00
db:JVNDBid:JVNDB-2020-005103date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2375date:2020-04-28T00:00:00
db:NVDid:CVE-2020-8488date:2020-04-29T02:15:12.437