Sign-up

ID

VAR-202004-2168


CVE

CVE-2020-8489


TITLE

ABB System 800xA Information Management Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005104

DESCRIPTION

Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. ABB System 800xA Information Management There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The system provides intelligent data access functions that can access real-time and historical information of all applications in the extended automation system

Trust: 2.7

sources: NVD: CVE-2020-8489 // JVNDB: JVNDB-2020-005104 // CNVD: CNVD-2020-27098 // IVD: 24d10332-4a66-4acb-bd79-583f12d2ddf0 // IVD: 9a6d8fcb-222a-4a01-a1e3-067966e75bf5 // VULHUB: VHN-186614 // VULMON: CVE-2020-8489

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 24d10332-4a66-4acb-bd79-583f12d2ddf0 // IVD: 9a6d8fcb-222a-4a01-a1e3-067966e75bf5 // CNVD: CNVD-2020-27098

AFFECTED PRODUCTS

vendor:abbmodel:800xa information managementscope:eqversion:*

Trust: 1.1

vendor:abbmodel:system 800xa information managerscope: - version: -

Trust: 0.8

vendor:abbmodel:system 800xa information managementscope: - version: -

Trust: 0.6

vendor:800xa information managementmodel: - scope:eqversion:*

Trust: 0.4

sources: IVD: 24d10332-4a66-4acb-bd79-583f12d2ddf0 // IVD: 9a6d8fcb-222a-4a01-a1e3-067966e75bf5 // CNVD: CNVD-2020-27098 // VULMON: CVE-2020-8489 // JVNDB: JVNDB-2020-005104 // NVD: CVE-2020-8489

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8489
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8489
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005104
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-27098
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-2376
value: HIGH

Trust: 0.6

IVD: 24d10332-4a66-4acb-bd79-583f12d2ddf0
value: HIGH

Trust: 0.2

IVD: 9a6d8fcb-222a-4a01-a1e3-067966e75bf5
value: HIGH

Trust: 0.2

VULHUB: VHN-186614
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8489
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8489
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005104
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27098
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 24d10332-4a66-4acb-bd79-583f12d2ddf0
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 9a6d8fcb-222a-4a01-a1e3-067966e75bf5
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-186614
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8489
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-005104
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 24d10332-4a66-4acb-bd79-583f12d2ddf0 // IVD: 9a6d8fcb-222a-4a01-a1e3-067966e75bf5 // CNVD: CNVD-2020-27098 // VULHUB: VHN-186614 // VULMON: CVE-2020-8489 // JVNDB: JVNDB-2020-005104 // CNNVD: CNNVD-202004-2376 // NVD: CVE-2020-8489 // NVD: CVE-2020-8489

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2020-005104 // NVD: CVE-2020-8489

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2376

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202004-2376

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005104

PATCH
title:SECURITY Interprocess communication vulnerability in System 800xAurl:https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-005104

EXTERNAL IDS
db:NVDid:CVE-2020-8489
Trust: 3.6
db:ICS CERTid:ICSA-20-154-03
Trust: 1.4
db:CNVDid:CNVD-2020-27098
Trust: 1.1
db:CNNVDid:CNNVD-202004-2376
Trust: 1.1
db:JVNid:JVNVU94921886
Trust: 0.8
db:JVNDBid:JVNDB-2020-005104
Trust: 0.8
db:AUSCERTid:ESB-2020.1923
Trust: 0.6
db:IVDid:24D10332-4A66-4ACB-BD79-583F12D2DDF0
Trust: 0.2
db:IVDid:9A6D8FCB-222A-4A01-A1E3-067966E75BF5
Trust: 0.2
db:VULHUBid:VHN-186614
Trust: 0.1
db:VULMONid:CVE-2020-8489
Trust: 0.1
sources:
            
            
            IVD: 24d10332-4a66-4acb-bd79-583f12d2ddf0 // 
            
            
            
            IVD: 9a6d8fcb-222a-4a01-a1e3-067966e75bf5 // 
            
            
            
            CNVD: CNVD-2020-27098 // 
            
            
            
            VULHUB: VHN-186614 // 
            
            
            
            VULMON: CVE-2020-8489 // 
            
            
            
            JVNDB: JVNDB-2020-005104 // 
            
            
            
            CNNVD: CNNVD-202004-2376 // 
            
            
            
            NVD: CVE-2020-8489

REFERENCES
url:https://search.abb.com/library/download.aspx?documentid=2paa121236&languagecode=en&documentpartid=&action=launch
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-8489
Trust: 2.0
url:https://www.us-cert.gov/ics/advisories/icsa-20-154-03
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8489
Trust: 0.8
url:https://jvn.jp/vu/jvnvu94921886/index.html
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1923/
Trust: 0.6
url:https://search.abb.com/library/download.aspx?documentid=2paa121236&languagecode=en&documentpartid=&action=launch
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-27098 // 
            
            
            
            VULHUB: VHN-186614 // 
            
            
            
            VULMON: CVE-2020-8489 // 
            
            
            
            JVNDB: JVNDB-2020-005104 // 
            
            
            
            CNNVD: CNNVD-202004-2376 // 
            
            
            
            NVD: CVE-2020-8489

SOURCES
db:IVDid:24d10332-4a66-4acb-bd79-583f12d2ddf0
db:IVDid:9a6d8fcb-222a-4a01-a1e3-067966e75bf5
db:CNVDid:CNVD-2020-27098
db:VULHUBid:VHN-186614
db:VULMONid:CVE-2020-8489
db:JVNDBid:JVNDB-2020-005104
db:CNNVDid:CNNVD-202004-2376
db:NVDid:CVE-2020-8489

LAST UPDATE DATE
2024-11-23T21:35:51.671000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-27098date:2020-05-08T00:00:00
db:VULHUBid:VHN-186614date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-8489date:2020-05-08T00:00:00
db:JVNDBid:JVNDB-2020-005104date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2376date:2020-06-08T00:00:00
db:NVDid:CVE-2020-8489date:2024-11-21T05:38:56.057

SOURCES RELEASE DATE
db:IVDid:24d10332-4a66-4acb-bd79-583f12d2ddf0date:2020-04-28T00:00:00
db:IVDid:9a6d8fcb-222a-4a01-a1e3-067966e75bf5date:2020-04-28T00:00:00
db:CNVDid:CNVD-2020-27098date:2020-05-08T00:00:00
db:VULHUBid:VHN-186614date:2020-04-29T00:00:00
db:VULMONid:CVE-2020-8489date:2020-04-29T00:00:00
db:JVNDBid:JVNDB-2020-005104date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2376date:2020-04-28T00:00:00
db:NVDid:CVE-2020-8489date:2020-04-29T02:15:12.513