CVE-2020-8475
Published Apr 29, 2020
Last updated 2 years ago
Overview
- Description
- For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service.
- Source
- cybersecurity@ch.abb.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:N/I:N/A:P
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:abb:800xa_system:5.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "342DDBC9-9FD6-4B34-AE9D-570173A28ECE"
},
{
"criteria": "cpe:2.3:a:abb:800xa_system:5.1:feature_pack_4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A050979-A994-49BD-9B8A-2CE8D1A21E1D"
},
{
"criteria": "cpe:2.3:a:abb:800xa_system:5.1:feature_pack_4_revision_d:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12AEB479-DF30-4E2E-A384-0420176B7DDD"
},
{
"criteria": "cpe:2.3:a:abb:800xa_system:5.1:revision_a:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BF8C28D-4058-47E2-B540-7CA70702D659"
},
{
"criteria": "cpe:2.3:a:abb:800xa_system:5.1:revision_b:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81955875-0A94-45A7-B006-976555BAAA4C"
},
{
"criteria": "cpe:2.3:a:abb:800xa_system:5.1:revision_c:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2F9226C-1D0B-42FC-AF3D-7C887B1B4CB9"
},
{
"criteria": "cpe:2.3:a:abb:800xa_system:5.1:revision_d:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77831051-E99E-48D3-8064-8F46FDB1D8B2"
},
{
"criteria": "cpe:2.3:a:abb:800xa_system:5.1:revision_e:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1599944B-B135-4749-99D3-67A0A57D391B"
},
{
"criteria": "cpe:2.3:a:abb:800xa_system:5.1:revision_e_feature_pack_4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BD664F9-E4EF-4470-9D28-724769D725CB"
},
{
"criteria": "cpe:2.3:a:abb:800xa_system:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA233139-3C36-4FAC-8C00-07C2993CE76D"
},
{
"criteria": "cpe:2.3:a:abb:800xa_system:6.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9BF94DB-5305-4377-839B-F881EE66E831"
},
{
"criteria": "cpe:2.3:a:abb:800xa_system:6.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8BD4D1B8-27CE-46AC-ABD0-1D8450CB07EB"
},
{
"criteria": "cpe:2.3:a:abb:800xa_system:6.0.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45C9941D-F127-40A1-BFA4-C8D243465C4B"
},
{
"criteria": "cpe:2.3:a:abb:800xa_system:6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADABF9B1-0CD4-45D5-8A27-62ADB848718A"
},
{
"criteria": "cpe:2.3:a:abb:compact_hmi:5.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBAA8BAB-F7D7-41EF-9011-211BB060915E"
},
{
"criteria": "cpe:2.3:a:abb:compact_hmi:5.1:feature_pack_4_revision_d:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F8C8D8B-3DD2-4269-A151-6575D81E0853"
},
{
"criteria": "cpe:2.3:a:abb:compact_hmi:5.1:revision_b:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80C9557B-25E2-49E7-9CC0-646B9F1613B5"
},
{
"criteria": "cpe:2.3:a:abb:compact_hmi:5.1:revision_d:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51D26A7F-A97A-4A5E-B5CC-7DEAD57F8205"
},
{
"criteria": "cpe:2.3:a:abb:compact_hmi:6.0.1-1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98DF36B0-B85E-474E-889A-BD7B5E6918FE"
},
{
"criteria": "cpe:2.3:a:abb:compact_hmi:6.0.3-2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42CCE362-2A91-4199-8D52-F24EFFA7C33C"
},
{
"criteria": "cpe:2.3:a:abb:control_builder_safe:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8BDC5CDB-084E-43D8-8B3A-44081046BEC0"
},
{
"criteria": "cpe:2.3:a:abb:control_builder_safe:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27E57B1E-19DE-4FA4-8E44-39E9DCE1AAC5"
},
{
"criteria": "cpe:2.3:a:abb:control_builder_safe:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB9438BF-271C-4BAC-B10E-1142E3CE8A02"
}
],
"operator": "OR"
}
]
}
]