Sign-up

ID

VAR-202005-1022


CVE

CVE-2020-8482


TITLE

ABB Device Library Wizard Vulnerability in insecure storage of critical information in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005914

DESCRIPTION

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data. An attacker could exploit this vulnerability to obtain files containing confidential data

Trust: 1.71

sources: NVD: CVE-2020-8482 // JVNDB: JVNDB-2020-005914 // VULHUB: VHN-186607

AFFECTED PRODUCTS

vendor:abbmodel:device library wizardscope:eqversion:6.1.0

Trust: 1.0

vendor:abbmodel:device library wizardscope:gteversion:6.0.0

Trust: 1.0

vendor:abbmodel:device library wizardscope:lteversion:6.0.3.2

Trust: 1.0

vendor:abbmodel:device library wizardscope:eqversion:6.0.3.1

Trust: 0.8

vendor:abbmodel:device library wizardscope:eqversion:6.0.3.2

Trust: 0.8

vendor:abbmodel:device library wizardscope:eqversion:6.0.x

Trust: 0.8

sources: JVNDB: JVNDB-2020-005914 // NVD: CVE-2020-8482

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8482
value: MEDIUM

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8482
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005914
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-1450
value: MEDIUM

Trust: 0.6

VULHUB: VHN-186607
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-8482
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-005914
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-186607
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8482
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-8482
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005914
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186607 // JVNDB: JVNDB-2020-005914 // CNNVD: CNNVD-202005-1450 // NVD: CVE-2020-8482 // NVD: CVE-2020-8482

PROBLEMTYPE DATA

problemtype:CWE-922

Trust: 1.8

sources: JVNDB: JVNDB-2020-005914 // NVD: CVE-2020-8482

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1450

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-1450

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005914

PATCH
title:SECURITY ABB Device Library Wizard Information Disclosure Vulnerabilityurl:https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch
Trust: 0.8
title:ABB Device Library Wizard Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120196
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-005914 // 
            
            
            
            CNNVD: CNNVD-202005-1450

EXTERNAL IDS
db:NVDid:CVE-2020-8482
Trust: 2.5
db:ICS CERTid:ICSA-20-175-03
Trust: 1.4
db:JVNid:JVNVU96076974
Trust: 0.8
db:JVNDBid:JVNDB-2020-005914
Trust: 0.8
db:CNNVDid:CNNVD-202005-1450
Trust: 0.7
db:AUSCERTid:ESB-2020.2178
Trust: 0.6
db:NSFOCUSid:47410
Trust: 0.6
db:VULHUBid:VHN-186607
Trust: 0.1
sources:
            
            
            VULHUB: VHN-186607 // 
            
            
            
            JVNDB: JVNDB-2020-005914 // 
            
            
            
            CNNVD: CNNVD-202005-1450 // 
            
            
            
            NVD: CVE-2020-8482

REFERENCES
url:https://search.abb.com/library/download.aspx?documentid=2paa121681&languagecode=en&documentpartid=&action=launch
Trust: 1.6
url:https://www.us-cert.gov/ics/advisories/icsa-20-175-03
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-8482
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8482
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96076974/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2178/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47410
Trust: 0.6
url:https://search.abb.com/library/download.aspx?documentid=2paa121681&languagecode=en&documentpartid=&action=launch
Trust: 0.1
sources:
            
            
            VULHUB: VHN-186607 // 
            
            
            
            JVNDB: JVNDB-2020-005914 // 
            
            
            
            CNNVD: CNNVD-202005-1450 // 
            
            
            
            NVD: CVE-2020-8482

SOURCES
db:VULHUBid:VHN-186607
db:JVNDBid:JVNDB-2020-005914
db:CNNVDid:CNNVD-202005-1450
db:NVDid:CVE-2020-8482

LAST UPDATE DATE
2024-11-23T22:41:05.332000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-186607date:2020-06-01T00:00:00
db:JVNDBid:JVNDB-2020-005914date:2020-06-25T00:00:00
db:CNNVDid:CNNVD-202005-1450date:2021-01-04T00:00:00
db:NVDid:CVE-2020-8482date:2024-11-21T05:38:55.443

SOURCES RELEASE DATE
db:VULHUBid:VHN-186607date:2020-05-29T00:00:00
db:JVNDBid:JVNDB-2020-005914date:2020-06-25T00:00:00
db:CNNVDid:CNNVD-202005-1450date:2020-05-29T00:00:00
db:NVDid:CVE-2020-8482date:2020-05-29T22:15:10.817