Search criteria
12 vulnerabilities found for 800xa by abb
VAR-202204-1451
Vulnerability from variot - Updated: 2023-12-18 12:34Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. System 800xA , BaseSoftware , compact product suite etc. multiple ABB The product contains an input validation vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1451",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "800xa",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-4"
},
{
"model": "compact product suite",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-3"
},
{
"model": "800xa",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-0"
},
{
"model": "compact product suite",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-3"
},
{
"model": "compact product suite",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-4"
},
{
"model": "compact product suite",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-0"
},
{
"model": "800xa",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-0"
},
{
"model": "base software",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-0"
},
{
"model": "compact product suite",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-0"
},
{
"model": "800xa",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.0-0"
},
{
"model": "base software",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.0-0"
},
{
"model": "800xa",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-4"
},
{
"model": "compact product suite",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.0-0"
},
{
"model": "800xa",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-0"
},
{
"model": "base software",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-0"
},
{
"model": "800xa",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.1-2"
},
{
"model": "control builder safe",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "3.0"
},
{
"model": "compact product suite",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-0"
},
{
"model": "base software",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-3"
},
{
"model": "800xa",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-3"
},
{
"model": "base software",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.1-1"
},
{
"model": "base software",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.1-4"
},
{
"model": "base software",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "5.1.0-3"
},
{
"model": "compact product suite",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.1.1-1"
},
{
"model": "base software",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0-0"
},
{
"model": "control builder safe",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "compact product suite",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "basesoftware",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:ac_800m:*",
"cpe_name": [],
"versionEndIncluding": "5.1.0-3",
"versionStartIncluding": "5.1.0-0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:ac_800m:*",
"cpe_name": [],
"versionEndIncluding": "5.1.1-4",
"versionStartIncluding": "5.1.1-0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:ac_800m:*",
"cpe_name": [],
"versionEndExcluding": "6.0.0-4",
"versionStartIncluding": "6.0.0-0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:ac_800m:*",
"cpe_name": [],
"versionEndExcluding": "6.1.1-2",
"versionStartIncluding": "6.1.0-0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:base_software:*:*:*:*:*:softcontrol:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.0-3",
"versionStartIncluding": "5.1.0-0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:base_software:*:*:*:*:*:softcontrol:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.1-4",
"versionStartIncluding": "5.1.1-0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:base_software:*:*:*:*:*:softcontrol:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.0-3",
"versionStartIncluding": "6.0.0-0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:base_software:*:*:*:*:*:softcontrol:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.1-1",
"versionStartIncluding": "6.1.0-0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:compact_product_suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.0-3",
"versionStartIncluding": "5.1.0-0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:compact_product_suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.1-4",
"versionStartIncluding": "5.1.1-0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:compact_product_suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.0-3",
"versionStartIncluding": "6.0.0-0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:compact_product_suite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.1-1",
"versionStartIncluding": "6.1.0-0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:control_builder_safe:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"cve": "CVE-2021-22277",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22277",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-380712",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22277",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-22277",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2021-22277",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-1832",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-380712",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service. System 800xA , BaseSoftware , compact product suite etc. multiple ABB The product contains an input validation vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22277"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "VULHUB",
"id": "VHN-380712"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22277",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-380712",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
]
},
"id": "VAR-202204-1451",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
}
],
"trust": 0.37777780000000005
},
"last_update_date": "2023-12-18T12:34:30.804000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ABB System 800xA Base Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=188574"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://search.abb.com/library/download.aspx?documentid=7paa001499\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22277"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-22277/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=7paa001499\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-380712"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"db": "NVD",
"id": "CVE-2021-22277"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-380712"
},
{
"date": "2023-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"date": "2022-04-01T23:15:08.833000",
"db": "NVD",
"id": "CVE-2021-22277"
},
{
"date": "2022-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-380712"
},
{
"date": "2023-07-19T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-019223"
},
{
"date": "2022-04-11T14:54:51.233000",
"db": "NVD",
"id": "CVE-2021-22277"
},
{
"date": "2022-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ABB\u00a0 Product input verification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019223"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1832"
}
],
"trust": 0.6
}
}
VAR-202004-2164
Vulnerability from variot - Updated: 2023-12-18 11:58Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. MOD 300 for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for MOD 300 is a set of distributed control system for MOD 300 of Swiss ABB company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2164",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "800xa",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "*"
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa for mod",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "300"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "800xa",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:mod_300:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"cve": "CVE-2020-8485",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005047",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-27094",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-186610",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8485",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005047",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8485",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8485",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005047",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-27094",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2372",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186610",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8485",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. MOD 300 for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for MOD 300 is a set of distributed control system for MOD 300 of Swiss ABB company",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8485",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-03",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-27094",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.1923",
"trust": 0.6
},
{
"db": "IVD",
"id": "A95FE2E9-2AD9-4397-ACEE-B75AEA6365AA",
"trust": 0.2
},
{
"db": "IVD",
"id": "58F66F62-2F58-4515-806D-A715CBB1ED80",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-186610",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8485",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
}
]
},
"id": "VAR-202004-2164",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
}
],
"trust": 2.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
}
]
},
"last_update_date": "2023-12-18T11:58:27.639000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY Interprocess communication vulnerability in System 800xA",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8485"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8485"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1923/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"db": "VULHUB",
"id": "VHN-186610"
},
{
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"db": "NVD",
"id": "CVE-2020-8485"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "a95fe2e9-2ad9-4397-acee-b75aea6365aa"
},
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "58f66f62-2f58-4515-806d-a715cbb1ed80"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-186610"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"date": "2020-04-29T02:15:12.203000",
"db": "NVD",
"id": "CVE-2020-8485"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2372"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27094"
},
{
"date": "2020-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-186610"
},
{
"date": "2020-05-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8485"
},
{
"date": "2020-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005047"
},
{
"date": "2020-05-07T21:02:23.927000",
"db": "NVD",
"id": "CVE-2020-8485"
},
{
"date": "2020-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2372"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MOD 300 for ABB System 800xA Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005047"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2372"
}
],
"trust": 0.6
}
}
VAR-202004-2163
Vulnerability from variot - Updated: 2023-12-18 11:58Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. DCI for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for DCI is a set of distributed control system for DCI of Swiss ABB company.
ABB System 800xA for DCI (all versions) has a permission permission and access control problem vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2163",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "800xa",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "*"
},
{
"model": "system 800xa",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa for dci",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "800xa",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:dci:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"cve": "CVE-2020-8484",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005101",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-27093",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-186609",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8484",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005101",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8484",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8484",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005101",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-27093",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2371",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186609",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8484",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. DCI for ABB System 800xA There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA for DCI is a set of distributed control system for DCI of Swiss ABB company. \n\r\n\r\nABB System 800xA for DCI (all versions) has a permission permission and access control problem vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8484",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-03",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-27093",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.1923",
"trust": 0.6
},
{
"db": "IVD",
"id": "E609A386-F11A-4898-9A3B-E88BBB68E47E",
"trust": 0.2
},
{
"db": "IVD",
"id": "EC013E68-1DD8-40C6-909F-CEA3C685A26E",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-186609",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8484",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
}
]
},
"id": "VAR-202004-2163",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
}
],
"trust": 2.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
}
]
},
"last_update_date": "2023-12-18T11:58:27.828000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY Interprocess communication vulnerability in System 800xA",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8484"
},
{
"trust": 1.7,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8484"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1923/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"db": "VULHUB",
"id": "VHN-186609"
},
{
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"db": "NVD",
"id": "CVE-2020-8484"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "e609a386-f11a-4898-9a3b-e88bbb68e47e"
},
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "ec013e68-1dd8-40c6-909f-cea3c685a26e"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-186609"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"date": "2020-04-29T02:15:12.013000",
"db": "NVD",
"id": "CVE-2020-8484"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2371"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27093"
},
{
"date": "2020-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-186609"
},
{
"date": "2020-05-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8484"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005101"
},
{
"date": "2020-05-08T16:30:00.937000",
"db": "NVD",
"id": "CVE-2020-8484"
},
{
"date": "2020-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2371"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DCI for ABB System 800xA Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005101"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2371"
}
],
"trust": 0.6
}
}
FKIE_CVE-2021-22277
Vulnerability from fkie_nvd - Published: 2022-04-01 23:15 - Updated: 2024-11-21 05:49
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| abb | 800xa | * | |
| abb | 800xa | * | |
| abb | 800xa | * | |
| abb | 800xa | * | |
| abb | base_software | * | |
| abb | base_software | * | |
| abb | base_software | * | |
| abb | base_software | * | |
| abb | compact_product_suite | * | |
| abb | compact_product_suite | * | |
| abb | compact_product_suite | * | |
| abb | compact_product_suite | * | |
| abb | control_builder_safe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:ac_800m:*",
"matchCriteriaId": "34405B51-759E-40EF-B267-D2C543516E88",
"versionEndIncluding": "5.1.0-3",
"versionStartIncluding": "5.1.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:ac_800m:*",
"matchCriteriaId": "E60385EF-68B6-457C-8866-4FF873E479DD",
"versionEndIncluding": "5.1.1-4",
"versionStartIncluding": "5.1.1-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:ac_800m:*",
"matchCriteriaId": "FC945CEA-6412-489A-B4FB-603F9155171F",
"versionEndExcluding": "6.0.0-4",
"versionStartIncluding": "6.0.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:ac_800m:*",
"matchCriteriaId": "A586F45F-D257-48B9-B51E-2595C4244058",
"versionEndExcluding": "6.1.1-2",
"versionStartIncluding": "6.1.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:base_software:*:*:*:*:*:softcontrol:*:*",
"matchCriteriaId": "978185F8-0B75-4148-A71D-CD0BD27DC33D",
"versionEndIncluding": "5.1.0-3",
"versionStartIncluding": "5.1.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:base_software:*:*:*:*:*:softcontrol:*:*",
"matchCriteriaId": "7742BF26-14B5-4357-AAB2-9CA978AE40FA",
"versionEndIncluding": "5.1.1-4",
"versionStartIncluding": "5.1.1-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:base_software:*:*:*:*:*:softcontrol:*:*",
"matchCriteriaId": "5A9496BF-861D-406B-9C20-1EB06B29FFBF",
"versionEndIncluding": "6.0.0-3",
"versionStartIncluding": "6.0.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:base_software:*:*:*:*:*:softcontrol:*:*",
"matchCriteriaId": "9E030201-1CA1-4213-991B-8D232A479F71",
"versionEndIncluding": "6.1.1-1",
"versionStartIncluding": "6.1.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:compact_product_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A9DB73-0A59-4E23-86A8-0845CE70D165",
"versionEndIncluding": "5.1.0-3",
"versionStartIncluding": "5.1.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:compact_product_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79270ECE-68F0-4A2E-B5E3-15B40793D772",
"versionEndIncluding": "5.1.1-4",
"versionStartIncluding": "5.1.1-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:compact_product_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47F70CD9-38FB-4D91-A0E6-4DBAE8E90FA1",
"versionEndIncluding": "6.0.0-3",
"versionStartIncluding": "6.0.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:compact_product_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFEBFB13-EFCB-4026-86D9-78D3AA8F18BF",
"versionEndIncluding": "6.1.1-1",
"versionStartIncluding": "6.1.0-0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:control_builder_safe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8378E7C7-72FA-45C5-847C-63CCC0527C72",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en ABB 800xA, Software de control para AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl permite a un atacante causar la denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-22277",
"lastModified": "2024-11-21T05:49:49.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T23:15:08.833",
"references": [
{
"source": "cybersecurity@ch.abb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@ch.abb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-8484
Vulnerability from fkie_nvd - Published: 2020-04-29 02:15 - Updated: 2024-11-21 05:38
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:dci:*",
"matchCriteriaId": "5DC37349-62EE-4CAF-9792-1749F87044E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
},
{
"lang": "es",
"value": "Una protecci\u00f3n insuficiente de las funciones de comunicaci\u00f3n entre procesos en ABB System 800xA para DCI (todas las versiones publicadas), permite a un atacante autentificado en el sistema local inyectar datos, permitiendo leer y escribir en los controladores o causar que los procesos de Windows se bloqueen."
}
],
"id": "CVE-2020-8484",
"lastModified": "2024-11-21T05:38:55.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-29T02:15:12.013",
"references": [
{
"source": "cybersecurity@ch.abb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@ch.abb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-8485
Vulnerability from fkie_nvd - Published: 2020-04-29 02:15 - Updated: 2024-11-21 05:38
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:abb:800xa:*:*:*:*:*:*:mod_300:*",
"matchCriteriaId": "F0A34B66-5DA2-4BDD-A5E0-2BF15D58354C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
},
{
"lang": "es",
"value": "Una protecci\u00f3n insuficiente de las funciones de comunicaci\u00f3n entre procesos en ABB System 800xA para MOD 300 (todas las versiones publicadas), permite a un atacante autentificado en el sistema local inyectar datos, permitiendo leer y escribir en los controladores o causar que los procesos de Windows se bloqueen."
}
],
"id": "CVE-2020-8485",
"lastModified": "2024-11-21T05:38:55.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-29T02:15:12.203",
"references": [
{
"source": "cybersecurity@ch.abb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@ch.abb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "cybersecurity@ch.abb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-22277 (GCVE-0-2021-22277)
Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2024-09-17 01:41
VLAI?
Title
AC 800M MMS - Denial of Service vulnerability in MMS communication
Summary
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ABB | 800xA, Control Software for AC 800M |
Affected:
5.1.0-0 , < unspecified
(custom)
Affected: unspecified , ≤ 5.1.0-3 (custom) Affected: 5.1.1-0 , < unspecified (custom) Affected: unspecified , ≤ 5.1.1-4 (custom) Affected: 6.0.0-0 , < unspecified (custom) Affected: unspecified , ≤ 6.0.0-3 (custom) Affected: 6.1.0-0 , < unspecified (custom) Affected: unspecified , ≤ 6.1.1-1 (custom) |
|||||||||||||||||
|
|||||||||||||||||||
Credits
ABB thanks the Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. in China for helping to identify the vulnerabilities and protecting our customers.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "800xA, Control Software for AC 800M",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.1-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.1-4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.0.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.1-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Control Builder Safe",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.x"
},
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "Compact Product Suite - Control and I/O",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.1-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.1-4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.0.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.1-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "ABB Base Software for SoftControl",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.1-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.1-4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.0.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.1-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ABB thanks the Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. in China for helping to identify the vulnerabilities and protecting our customers."
}
],
"datePublic": "2022-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:43",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AC 800M MMS - Denial of Service vulnerability in MMS communication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2022-02-17T10:33:00.000Z",
"ID": "CVE-2021-22277",
"STATE": "PUBLIC",
"TITLE": "AC 800M MMS - Denial of Service vulnerability in MMS communication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "800xA, Control Software for AC 800M",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "5.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.1-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.1-4"
},
{
"version_affected": "\u003e=",
"version_value": "6.0.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.0.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "6.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.1.1-1"
}
]
}
},
{
"product_name": "Control Builder Safe",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.x"
},
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "3.0"
}
]
}
},
{
"product_name": "Compact Product Suite - Control and I/O",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "5.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.1-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.1-4"
},
{
"version_affected": "\u003e=",
"version_value": "6.0.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.0.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "6.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.1.1-1"
}
]
}
},
{
"product_name": "ABB Base Software for SoftControl",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "5.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.1-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.1-4"
},
{
"version_affected": "\u003e=",
"version_value": "6.0.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.0.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "6.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.1.1-1"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ABB thanks the Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. in China for helping to identify the vulnerabilities and protecting our customers."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2021-22277",
"datePublished": "2022-04-01T22:17:43.044264Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-17T01:41:41.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8485 (GCVE-0-2020-8485)
Vulnerability from cvelistv5 – Published: 2020-04-29 01:59 – Updated: 2024-08-04 10:03
VLAI?
Title
ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300
Summary
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
Severity ?
7.8 (High)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | 800xA for MOD300 |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "800xA for MOD300",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T01:59:04",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-8485",
"STATE": "PUBLIC",
"TITLE": "ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "800xA for MOD300",
"version": {
"version_data": [
{
"version_affected": "undefined",
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8485",
"datePublished": "2020-04-29T01:59:04",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8484 (GCVE-0-2020-8484)
Vulnerability from cvelistv5 – Published: 2020-04-29 01:58 – Updated: 2024-08-04 10:03
VLAI?
Title
ABB System 800xA Inter process communication vulnerability - 800xA for DCI
Summary
Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
Severity ?
7.8 (High)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | 800xA for DCI |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "800xA for DCI",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T01:58:57",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB System 800xA Inter process communication vulnerability - 800xA for DCI",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-8484",
"STATE": "PUBLIC",
"TITLE": "ABB System 800xA Inter process communication vulnerability - 800xA for DCI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "800xA for DCI",
"version": {
"version_data": [
{
"version_affected": "undefined",
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8484",
"datePublished": "2020-04-29T01:58:57",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:45.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22277 (GCVE-0-2021-22277)
Vulnerability from nvd – Published: 2022-04-01 22:17 – Updated: 2024-09-17 01:41
VLAI?
Title
AC 800M MMS - Denial of Service vulnerability in MMS communication
Summary
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ABB | 800xA, Control Software for AC 800M |
Affected:
5.1.0-0 , < unspecified
(custom)
Affected: unspecified , ≤ 5.1.0-3 (custom) Affected: 5.1.1-0 , < unspecified (custom) Affected: unspecified , ≤ 5.1.1-4 (custom) Affected: 6.0.0-0 , < unspecified (custom) Affected: unspecified , ≤ 6.0.0-3 (custom) Affected: 6.1.0-0 , < unspecified (custom) Affected: unspecified , ≤ 6.1.1-1 (custom) |
|||||||||||||||||
|
|||||||||||||||||||
Credits
ABB thanks the Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. in China for helping to identify the vulnerabilities and protecting our customers.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "800xA, Control Software for AC 800M",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.1-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.1-4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.0.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.1-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Control Builder Safe",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.x"
},
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "3.0"
}
]
},
{
"product": "Compact Product Suite - Control and I/O",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.1-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.1-4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.0.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.1-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "ABB Base Software for SoftControl",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1.1-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.1.1-4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.0.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.0-3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "6.1.0-0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.1-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ABB thanks the Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. in China for helping to identify the vulnerabilities and protecting our customers."
}
],
"datePublic": "2022-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:43",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AC 800M MMS - Denial of Service vulnerability in MMS communication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2022-02-17T10:33:00.000Z",
"ID": "CVE-2021-22277",
"STATE": "PUBLIC",
"TITLE": "AC 800M MMS - Denial of Service vulnerability in MMS communication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "800xA, Control Software for AC 800M",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "5.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.1-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.1-4"
},
{
"version_affected": "\u003e=",
"version_value": "6.0.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.0.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "6.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.1.1-1"
}
]
}
},
{
"product_name": "Control Builder Safe",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.x"
},
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "3.0"
}
]
}
},
{
"product_name": "Compact Product Suite - Control and I/O",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "5.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.1-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.1-4"
},
{
"version_affected": "\u003e=",
"version_value": "6.0.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.0.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "6.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.1.1-1"
}
]
}
},
{
"product_name": "ABB Base Software for SoftControl",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "5.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "5.1.1-0"
},
{
"version_affected": "\u003c=",
"version_value": "5.1.1-4"
},
{
"version_affected": "\u003e=",
"version_value": "6.0.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.0.0-3"
},
{
"version_affected": "\u003e=",
"version_value": "6.1.0-0"
},
{
"version_affected": "\u003c=",
"version_value": "6.1.1-1"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ABB thanks the Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. in China for helping to identify the vulnerabilities and protecting our customers."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA001499\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2021-22277",
"datePublished": "2022-04-01T22:17:43.044264Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-17T01:41:41.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8485 (GCVE-0-2020-8485)
Vulnerability from nvd – Published: 2020-04-29 01:59 – Updated: 2024-08-04 10:03
VLAI?
Title
ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300
Summary
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
Severity ?
7.8 (High)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | 800xA for MOD300 |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "800xA for MOD300",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T01:59:04",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-8485",
"STATE": "PUBLIC",
"TITLE": "ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "800xA for MOD300",
"version": {
"version_data": [
{
"version_affected": "undefined",
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8485",
"datePublished": "2020-04-29T01:59:04",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8484 (GCVE-0-2020-8484)
Vulnerability from nvd – Published: 2020-04-29 01:58 – Updated: 2024-08-04 10:03
VLAI?
Title
ABB System 800xA Inter process communication vulnerability - 800xA for DCI
Summary
Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
Severity ?
7.8 (High)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | 800xA for DCI |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "800xA for DCI",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T01:58:57",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB System 800xA Inter process communication vulnerability - 800xA for DCI",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-8484",
"STATE": "PUBLIC",
"TITLE": "ABB System 800xA Inter process communication vulnerability - 800xA for DCI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "800xA for DCI",
"version": {
"version_data": [
{
"version_affected": "undefined",
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8484",
"datePublished": "2020-04-29T01:58:57",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:45.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}