ID

VAR-202004-2173


CVE

CVE-2020-8474


TITLE

ABB System 800xA Base Authorization Issue Vulnerability

Trust: 1.0

sources: IVD: cbc79f2c-47b2-40ab-abf7-0014b91b5eca // IVD: e72c0533-0499-4461-92e0-ebce5e995817 // CNVD: CNVD-2020-25012

DESCRIPTION

Weak registry permissions in ABB System 800xA Base allow low-privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. A privilege management vulnerability exists in ABB System 800xA Information Manager. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ABB System 800xA Base is a distributed control system for the industrial control industry from the Swiss company ABB. ABB System 800xA Base has an authorization vulnerability.

Trust: 2.61

sources: NVD: CVE-2020-8474 // JVNDB: JVNDB-2020-004734 // CNVD: CNVD-2020-25012 // IVD: cbc79f2c-47b2-40ab-abf7-0014b91b5eca // IVD: e72c0533-0499-4461-92e0-ebce5e995817 // VULHUB: VHN-186599

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 1.0

sources: IVD: cbc79f2c-47b2-40ab-abf7-0014b91b5eca // IVD: e72c0533-0499-4461-92e0-ebce5e995817 // CNVD: CNVD-2020-25012

AFFECTED PRODUCTS

vendor: abb model: system 800xa base scope: - version: -

Trust: 1.4

vendor: abb model: 800xa base system scope: lte version: 6.0.0

Trust: 1.0

vendor: 800xa base system model: - scope: eq version: *

Trust: 0.4

sources: IVD: cbc79f2c-47b2-40ab-abf7-0014b91b5eca // IVD: e72c0533-0499-4461-92e0-ebce5e995817 // CNVD: CNVD-2020-25012 // JVNDB: JVNDB-2020-004734 // NVD: CVE-2020-8474

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8474
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8474
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004734
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-25012
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-1905
value: HIGH

Trust: 0.6

IVD: cbc79f2c-47b2-40ab-abf7-0014b91b5eca
value: HIGH

Trust: 0.2

IVD: e72c0533-0499-4461-92e0-ebce5e995817
value: HIGH

Trust: 0.2

VULHUB: VHN-186599
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8474
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004734
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-25012
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: cbc79f2c-47b2-40ab-abf7-0014b91b5eca
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: e72c0533-0499-4461-92e0-ebce5e995817
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-186599
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8474
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-004734
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: cbc79f2c-47b2-40ab-abf7-0014b91b5eca // IVD: e72c0533-0499-4461-92e0-ebce5e995817 // CNVD: CNVD-2020-25012 // VULHUB: VHN-186599 // JVNDB: JVNDB-2020-004734 // CNNVD: CNNVD-202004-1905 // NVD: CVE-2020-8474 // NVD: CVE-2020-8474

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.9

problemtype:CWE-275

Trust: 1.0

sources: VULHUB: VHN-186599 // JVNDB: JVNDB-2020-004734 // NVD: CVE-2020-8474

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1905

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202004-1905

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004734

PATCH

title: SECURITY System 800xA Weak Registry Permissions url: https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: Patch for ABB System 800xA Base authorization issue vulnerability url: https://www.cnvd.org.cn/patchInfo/show/215501

Trust: 0.6

title: ABB System 800xA Base remediation measures for authorization problem vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117005

Trust: 0.6

sources: CNVD: CNVD-2020-25012 // JVNDB: JVNDB-2020-004734 // CNNVD: CNNVD-202004-1905

EXTERNAL IDS

db: NVD id: CVE-2020-8474

Trust: 3.5

db: ICS CERT id: ICSA-20-154-02

Trust: 1.4

db: CNNVD id: CNNVD-202004-1905

Trust: 1.1

db: CNVD id: CNVD-2020-25012

Trust: 1.0

db: JVN id: JVNVU94921886

Trust: 0.8

db: JVNDB id: JVNDB-2020-004734

Trust: 0.8

db: AUSCERT id: ESB-2020.1922

Trust: 0.6

db: IVD id: CBC79F2C-47B2-40AB-ABF7-0014B91B5ECA

Trust: 0.2

db: IVD id: E72C0533-0499-4461-92E0-EBCE5E995817

Trust: 0.2

db: VULHUB id: VHN-186599

Trust: 0.1

sources: IVD: cbc79f2c-47b2-40ab-abf7-0014b91b5eca // IVD: e72c0533-0499-4461-92e0-ebce5e995817 // CNVD: CNVD-2020-25012 // VULHUB: VHN-186599 // JVNDB: JVNDB-2020-004734 // CNNVD: CNNVD-202004-1905 // NVD: CVE-2020-8474

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-8474

Trust: 2.0

url:https://search.abb.com/library/download.aspx?documentid=2paa121221&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-154-02

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8474

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94921886/index.html

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1922/

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=2paa121221&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: CNVD: CNVD-2020-25012 // VULHUB: VHN-186599 // JVNDB: JVNDB-2020-004734 // CNNVD: CNNVD-202004-1905 // NVD: CVE-2020-8474

SOURCES

db: IVD id: cbc79f2c-47b2-40ab-abf7-0014b91b5eca
db: IVD id: e72c0533-0499-4461-92e0-ebce5e995817
db: CNVD id: CNVD-2020-25012
db: VULHUB id: VHN-186599
db: JVNDB id: JVNDB-2020-004734
db: CNNVD id: CNNVD-202004-1905
db: NVD id: CVE-2020-8474

LAST UPDATE DATE

2024-11-23T21:35:51.858000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2020-25012 date: 2020-04-26T00:00:00
db: VULHUB id: VHN-186599 date: 2020-04-30T00:00:00
db: JVNDB id: JVNDB-2020-004734 date: 2020-06-05T00:00:00
db: CNNVD id: CNNVD-202004-1905 date: 2020-06-04T00:00:00
db: NVD id: CVE-2020-8474 date: 2024-11-21T05:38:54.607

SOURCES RELEASE DATE

db: IVD id: cbc79f2c-47b2-40ab-abf7-0014b91b5eca date: 2020-04-22T00:00:00
db: IVD id: e72c0533-0499-4461-92e0-ebce5e995817 date: 2020-04-22T00:00:00
db: CNVD id: CNVD-2020-25012 date: 2020-04-26T00:00:00
db: VULHUB id: VHN-186599 date: 2020-04-22T00:00:00
db: JVNDB id: JVNDB-2020-004734 date: 2020-05-26T00:00:00
db: CNNVD id: CNNVD-202004-1905 date: 2020-04-22T00:00:00
db: NVD id: CVE-2020-8474 date: 2020-04-22T15:15:14.643