ID

VAR-202004-2172


CVE

CVE-2020-8473


TITLE

Improper permission assignment for critical resources vulnerability in ABB System 800xA Base

Trust: 0.8

sources: JVNDB: JVNDB-2020-005095

DESCRIPTION

Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low-privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploits the vulnerabilities could escalate his/her privileges, cause system functions to stop, and corrupt user applications. ABB System 800xA Base includes a vulnerability in improper permission assignment for critical resources. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ABB System 800xA Base is a distributed control system for the industrial control industry from the Swiss company ABB. ABB System 800xA Base 6.1 and earlier versions have security vulnerabilities. Attackers can use this vulnerability to elevate privileges, cause system functions to terminate, and destroy the user's application programs.

Trust: 2.7

sources: NVD: CVE-2020-8473 // JVNDB: JVNDB-2020-005095 // CNVD: CNVD-2020-27099 // IVD: 266576f9-6cf9-474f-b47e-933ff53bbb24 // IVD: aeb8befa-f856-4630-bb56-dfcfb9dfb96a // VULHUB: VHN-186598 // VULMON: CVE-2020-8473

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: 266576f9-6cf9-474f-b47e-933ff53bbb24 // IVD: aeb8befa-f856-4630-bb56-dfcfb9dfb96a // CNVD: CNVD-2020-27099

AFFECTED PRODUCTS

vendor: abb, model: 800xa base system, scope: lte, version: 6.1

Trust: 1.0

vendor: abb, model: system 800xa base, scope: eq, version: 6.1

Trust: 0.8

vendor: abb, model: system 800xa base, scope: lte, version: <=6.1

Trust: 0.6

vendor: 800xa base system, model: -, scope: eq, version: *

Trust: 0.4

vendor: abb, model: 800xa base system, scope: eq, version: 6.1

Trust: 0.1

sources: IVD: 266576f9-6cf9-474f-b47e-933ff53bbb24 // IVD: aeb8befa-f856-4630-bb56-dfcfb9dfb96a // CNVD: CNVD-2020-27099 // VULMON: CVE-2020-8473 // JVNDB: JVNDB-2020-005095 // NVD: CVE-2020-8473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8473
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8473
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005095
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-27099
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-2360
value: HIGH

Trust: 0.6

IVD: 266576f9-6cf9-474f-b47e-933ff53bbb24
value: HIGH

Trust: 0.2

IVD: aeb8befa-f856-4630-bb56-dfcfb9dfb96a
value: HIGH

Trust: 0.2

VULHUB: VHN-186598
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8473
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8473
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:N/C:P/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005095
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:N/C:P/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27099
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 266576f9-6cf9-474f-b47e-933ff53bbb24
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: aeb8befa-f856-4630-bb56-dfcfb9dfb96a
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-186598
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:N/C:P/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8473
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8473
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005095
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 266576f9-6cf9-474f-b47e-933ff53bbb24 // IVD: aeb8befa-f856-4630-bb56-dfcfb9dfb96a // CNVD: CNVD-2020-27099 // VULHUB: VHN-186598 // VULMON: CVE-2020-8473 // JVNDB: JVNDB-2020-005095 // CNNVD: CNNVD-202004-2360 // NVD: CVE-2020-8473 // NVD: CVE-2020-8473

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.9

sources: VULHUB: VHN-186598 // JVNDB: JVNDB-2020-005095 // NVD: CVE-2020-8473

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2360

TYPE

other

Trust: 1.0

sources: IVD: 266576f9-6cf9-474f-b47e-933ff53bbb24 // IVD: aeb8befa-f856-4630-bb56-dfcfb9dfb96a // CNNVD: CNNVD-202004-2360

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005095

PATCH

title: SECURITY System 800xA Weak File Permissions, url: https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: Patch for ABB System 800xA Base has an unknown vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/216657

Trust: 0.6

title: ABB System 800xA Base Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117446

Trust: 0.6

sources: CNVD: CNVD-2020-27099 // JVNDB: JVNDB-2020-005095 // CNNVD: CNNVD-202004-2360

EXTERNAL IDS

db: NVD, id: CVE-2020-8473

Trust: 3.6

db: ICS CERT, id: ICSA-20-154-01

Trust: 1.4

db: CNVD, id: CNVD-2020-27099

Trust: 1.1

db: CNNVD, id: CNNVD-202004-2360

Trust: 1.1

db: JVN, id: JVNVU94921886

Trust: 0.8

db: JVNDB, id: JVNDB-2020-005095

Trust: 0.8

db: AUSCERT, id: ESB-2020.1921

Trust: 0.6

db: IVD, id: 266576F9-6CF9-474F-B47E-933FF53BBB24

Trust: 0.2

db: IVD, id: AEB8BEFA-F856-4630-BB56-DFCFB9DFB96A

Trust: 0.2

db: VULHUB, id: VHN-186598

Trust: 0.1

db: VULMON, id: CVE-2020-8473

Trust: 0.1

sources: IVD: 266576f9-6cf9-474f-b47e-933ff53bbb24 // IVD: aeb8befa-f856-4630-bb56-dfcfb9dfb96a // CNVD: CNVD-2020-27099 // VULHUB: VHN-186598 // VULMON: CVE-2020-8473 // JVNDB: JVNDB-2020-005095 // CNNVD: CNNVD-202004-2360 // NVD: CVE-2020-8473

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-8473

Trust: 2.0

url:https://search.abb.com/library/download.aspx?documentid=2paa121106&languagecode=en&documentpartid=&action=launch

Trust: 1.7

url:https://www.us-cert.gov/ics/advisories/icsa-20-154-01

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8473

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94921886/index.html

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1921/

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=2paa121106&languagecode=en&documentpartid=&action=launch

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/732.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-27099 // VULHUB: VHN-186598 // VULMON: CVE-2020-8473 // JVNDB: JVNDB-2020-005095 // CNNVD: CNNVD-202004-2360 // NVD: CVE-2020-8473

SOURCES

db: IVD, id: 266576f9-6cf9-474f-b47e-933ff53bbb24
db: IVD, id: aeb8befa-f856-4630-bb56-dfcfb9dfb96a
db: CNVD, id: CNVD-2020-27099
db: VULHUB, id: VHN-186598
db: VULMON, id: CVE-2020-8473
db: JVNDB, id: JVNDB-2020-005095
db: CNNVD, id: CNNVD-202004-2360
db: NVD, id: CVE-2020-8473

LAST UPDATE DATE

2024-11-23T21:35:51.775000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-27099, date: 2020-05-08T00:00:00
db: VULHUB, id: VHN-186598, date: 2020-05-14T00:00:00
db: VULMON, id: CVE-2020-8473, date: 2020-05-14T00:00:00
db: JVNDB, id: JVNDB-2020-005095, date: 2020-06-05T00:00:00
db: CNNVD, id: CNNVD-202004-2360, date: 2020-06-04T00:00:00
db: NVD, id: CVE-2020-8473, date: 2024-11-21T05:38:54.493

SOURCES RELEASE DATE

db: IVD, id: 266576f9-6cf9-474f-b47e-933ff53bbb24, date: 2020-04-28T00:00:00
db: IVD, id: aeb8befa-f856-4630-bb56-dfcfb9dfb96a, date: 2020-04-28T00:00:00
db: CNVD, id: CNVD-2020-27099, date: 2020-05-08T00:00:00
db: VULHUB, id: VHN-186598, date: 2020-04-29T00:00:00
db: VULMON, id: CVE-2020-8473, date: 2020-04-29T00:00:00
db: JVNDB, id: JVNDB-2020-005095, date: 2020-06-05T00:00:00
db: CNNVD, id: CNNVD-202004-2360, date: 2020-04-28T00:00:00
db: NVD, id: CVE-2020-8473, date: 2020-04-29T00:15:12.203