Sign-up

ID

VAR-202004-2171


CVE

CVE-2020-8472


TITLE

plural ABB System 800xA Vulnerability in improper permission assignment for critical resources in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-005094

DESCRIPTION

Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploited the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications. plural ABB System 800xA The product contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB OPCServer for AC800M is a product of Swiss ABB company. ABB OPCServer for AC800M is an OPC (OLE for Process Control) server for AC800M. Control Builder M Professional is a compact control builder. MMSServer for AC800M is a MMS server for AC800M. A variety of ABB products have access control error vulnerabilities. Attackers can use this vulnerability to increase permissions and cause the system The function terminates and destroys the user's application

Trust: 2.34

sources: NVD: CVE-2020-8472 // JVNDB: JVNDB-2020-005094 // CNVD: CNVD-2020-32229 // VULHUB: VHN-186597 // VULMON: CVE-2020-8472

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-32229

AFFECTED PRODUCTS

vendor:abbmodel:control builder mscope:lteversion:6.1

Trust: 1.0

vendor:abbmodel:mms serverscope:lteversion:6.1

Trust: 1.0

vendor:abbmodel:opc serverscope:lteversion:6.0

Trust: 1.0

vendor:abbmodel:base softwarescope:lteversion:6.1

Trust: 1.0

vendor:abbmodel:basesoftwarescope:eqversion:for softcontrol 6.1

Trust: 0.8

vendor:abbmodel:controlbuildermscope:eqversion:for professional 6.1

Trust: 0.8

vendor:abbmodel:mmsserverscope:eqversion:6.1

Trust: 0.8

vendor:abbmodel:opcserverscope:eqversion:6.0

Trust: 0.8

vendor:abbmodel:opcserver for ac800mscope:lteversion:<=6.0

Trust: 0.6

vendor:abbmodel:control builder mprofessionalscope:lteversion:<=6.0

Trust: 0.6

vendor:abbmodel:mmsserver for ac800mscope:lteversion:<=6.0

Trust: 0.6

vendor:abbmodel:base software for softcontrolscope:lteversion:<=6.0

Trust: 0.6

sources: CNVD: CNVD-2020-32229 // JVNDB: JVNDB-2020-005094 // NVD: CVE-2020-8472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8472
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8472
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005094
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-32229
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2357
value: HIGH

Trust: 0.6

VULHUB: VHN-186597
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8472
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8472
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:N/C:P/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005094
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:N/C:P/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-32229
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:N/C:P/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-186597
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:N/C:P/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8472
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8472
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005094
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-32229 // VULHUB: VHN-186597 // VULMON: CVE-2020-8472 // JVNDB: JVNDB-2020-005094 // CNNVD: CNNVD-202004-2357 // NVD: CVE-2020-8472 // NVD: CVE-2020-8472

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.9

sources: VULHUB: VHN-186597 // JVNDB: JVNDB-2020-005094 // NVD: CVE-2020-8472

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2357

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-2357

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005094

PATCH
title:SECURITY System 800xA Weak File Permissionsurl:https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106&LanguageCode=en&DocumentPartId=&Action=Launch
Trust: 0.8
title:Patch for Multiple ABB product access control error vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/220855
Trust: 0.6
title:Multiple ABB Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118767
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-32229 // 
            
            
            
            JVNDB: JVNDB-2020-005094 // 
            
            
            
            CNNVD: CNNVD-202004-2357

EXTERNAL IDS
db:NVDid:CVE-2020-8472
Trust: 3.2
db:ICS CERTid:ICSA-20-154-01
Trust: 2.0
db:JVNid:JVNVU94921886
Trust: 0.8
db:JVNDBid:JVNDB-2020-005094
Trust: 0.8
db:CNVDid:CNVD-2020-32229
Trust: 0.7
db:CNNVDid:CNNVD-202004-2357
Trust: 0.7
db:AUSCERTid:ESB-2020.1921
Trust: 0.6
db:VULHUBid:VHN-186597
Trust: 0.1
db:VULMONid:CVE-2020-8472
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-32229 // 
            
            
            
            VULHUB: VHN-186597 // 
            
            
            
            VULMON: CVE-2020-8472 // 
            
            
            
            JVNDB: JVNDB-2020-005094 // 
            
            
            
            CNNVD: CNNVD-202004-2357 // 
            
            
            
            NVD: CVE-2020-8472

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-20-154-01
Trust: 2.0
url:https://search.abb.com/library/download.aspx?documentid=2paa121106&languagecode=en&documentpartid=&action=launch
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-8472
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8472
Trust: 0.8
url:https://jvn.jp/vu/jvnvu94921886/index.html
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1921/
Trust: 0.6
url:https://search.abb.com/library/download.aspx?documentid=2paa121106&amp;languagecode=en&amp;documentpartid=&amp;action=launch
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/732.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-32229 // 
            
            
            
            VULHUB: VHN-186597 // 
            
            
            
            VULMON: CVE-2020-8472 // 
            
            
            
            JVNDB: JVNDB-2020-005094 // 
            
            
            
            CNNVD: CNNVD-202004-2357 // 
            
            
            
            NVD: CVE-2020-8472

SOURCES
db:CNVDid:CNVD-2020-32229
db:VULHUBid:VHN-186597
db:VULMONid:CVE-2020-8472
db:JVNDBid:JVNDB-2020-005094
db:CNNVDid:CNNVD-202004-2357
db:NVDid:CVE-2020-8472

LAST UPDATE DATE
2024-11-23T21:35:51.897000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-32229date:2020-06-10T00:00:00
db:VULHUBid:VHN-186597date:2020-05-14T00:00:00
db:VULMONid:CVE-2020-8472date:2020-05-14T00:00:00
db:JVNDBid:JVNDB-2020-005094date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2357date:2020-06-04T00:00:00
db:NVDid:CVE-2020-8472date:2024-11-21T05:38:54.380

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-32229date:2020-06-10T00:00:00
db:VULHUBid:VHN-186597date:2020-04-29T00:00:00
db:VULMONid:CVE-2020-8472date:2020-04-29T00:00:00
db:JVNDBid:JVNDB-2020-005094date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202004-2357date:2020-04-28T00:00:00
db:NVDid:CVE-2020-8472date:2020-04-29T00:15:12.140