CVE-2020-8476
Published Apr 29, 2020
Last updated 2 years ago
Overview
- Description
- For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service.
- Source
- cybersecurity@ch.abb.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Social media
- Hype score
- Not currently trending
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:abb:800xa_system:5.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "342DDBC9-9FD6-4B34-AE9D-570173A28ECE" }, { "criteria": "cpe:2.3:a:abb:800xa_system:5.1:feature_pack_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A050979-A994-49BD-9B8A-2CE8D1A21E1D" }, { "criteria": "cpe:2.3:a:abb:800xa_system:5.1:feature_pack_4_revision_d:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12AEB479-DF30-4E2E-A384-0420176B7DDD" }, { "criteria": "cpe:2.3:a:abb:800xa_system:5.1:revision_a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BF8C28D-4058-47E2-B540-7CA70702D659" }, { "criteria": "cpe:2.3:a:abb:800xa_system:5.1:revision_b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81955875-0A94-45A7-B006-976555BAAA4C" }, { "criteria": "cpe:2.3:a:abb:800xa_system:5.1:revision_c:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2F9226C-1D0B-42FC-AF3D-7C887B1B4CB9" }, { "criteria": "cpe:2.3:a:abb:800xa_system:5.1:revision_d:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77831051-E99E-48D3-8064-8F46FDB1D8B2" }, { "criteria": "cpe:2.3:a:abb:800xa_system:5.1:revision_e:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1599944B-B135-4749-99D3-67A0A57D391B" }, { "criteria": "cpe:2.3:a:abb:800xa_system:5.1:revision_e_feature_pack_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BD664F9-E4EF-4470-9D28-724769D725CB" }, { "criteria": "cpe:2.3:a:abb:800xa_system:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA233139-3C36-4FAC-8C00-07C2993CE76D" }, { "criteria": "cpe:2.3:a:abb:800xa_system:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9BF94DB-5305-4377-839B-F881EE66E831" }, { "criteria": "cpe:2.3:a:abb:800xa_system:6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BD4D1B8-27CE-46AC-ABD0-1D8450CB07EB" }, { "criteria": "cpe:2.3:a:abb:800xa_system:6.0.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45C9941D-F127-40A1-BFA4-C8D243465C4B" }, { "criteria": "cpe:2.3:a:abb:800xa_system:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADABF9B1-0CD4-45D5-8A27-62ADB848718A" }, { "criteria": "cpe:2.3:a:abb:compact_hmi:5.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBAA8BAB-F7D7-41EF-9011-211BB060915E" }, { "criteria": "cpe:2.3:a:abb:compact_hmi:5.1:feature_pack_4_revision_d:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F8C8D8B-3DD2-4269-A151-6575D81E0853" }, { "criteria": "cpe:2.3:a:abb:compact_hmi:5.1:revision_b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80C9557B-25E2-49E7-9CC0-646B9F1613B5" }, { "criteria": "cpe:2.3:a:abb:compact_hmi:5.1:revision_d:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51D26A7F-A97A-4A5E-B5CC-7DEAD57F8205" }, { "criteria": "cpe:2.3:a:abb:compact_hmi:6.0.1-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98DF36B0-B85E-474E-889A-BD7B5E6918FE" }, { "criteria": "cpe:2.3:a:abb:compact_hmi:6.0.3-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42CCE362-2A91-4199-8D52-F24EFFA7C33C" }, { "criteria": "cpe:2.3:a:abb:control_builder_safe:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BDC5CDB-084E-43D8-8B3A-44081046BEC0" }, { "criteria": "cpe:2.3:a:abb:control_builder_safe:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27E57B1E-19DE-4FA4-8E44-39E9DCE1AAC5" }, { "criteria": "cpe:2.3:a:abb:control_builder_safe:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB9438BF-271C-4BAC-B10E-1142E3CE8A02" } ], "operator": "OR" } ] } ]