All the vulnerabilites related to ABB - Symphony Plus S+ Operations
cve-2024-0335
Vulnerability from cvelistv5
Published
2024-04-03 18:53
Modified
2024-09-19 17:35
Severity ?
EPSS score ?
Summary
Malformed Packet Handling
References
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ABB | Symphony Plus S+ Operations |
Version: 3..0;0 < Version: 2.1;0 < Version: 2.0;0 < |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:abb:symphony_plus_s\\+_operations:3.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "symphony_plus_s\\+_operations",
"vendor": "abb",
"versions": [
{
"lessThanOrEqual": "3.3_sp1_ru4",
"status": "affected",
"version": "3.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abb:symphony_plus_s\\+_operations:2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "symphony_plus_s\\+_operations",
"vendor": "abb",
"versions": [
{
"lessThanOrEqual": "2.1_sp2_ru3",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abb:symphony_plus_s\\+_operations:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "symphony_plus_s\\+_operations",
"vendor": "abb",
"versions": [
{
"lessThanOrEqual": "2.0_sp6_tc6",
"status": "affected",
"version": "2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abb:symphony_plus_s\\+_engineering:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "symphony_plus_s\\+_engineering",
"vendor": "abb",
"versions": [
{
"lessThanOrEqual": "2.3_ru3",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:abb:symphony_plus_s\\+_analyst:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "symphony_plus_s\\+_analyst",
"vendor": "abb",
"versions": [
{
"lessThanOrEqual": "7.2.0.2",
"status": "affected",
"version": "7.0.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T14:10:59.134745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T14:31:30.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA002536\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Symphony Plus S+ Operations",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "3.3 SP1 RU4",
"status": "affected",
"version": "3..0;0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.1 SP2 RU3",
"status": "affected",
"version": "2.1;0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.0 SP6 TC6",
"status": "affected",
"version": "2.0;0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Symphony Plus S+ Engineering",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2.3 RU3",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Symphony Plus S+ Analyst",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "7.2.0.2",
"status": "affected",
"version": "7.0.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-04-02T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may \nbe used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may \nbe used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)\n\n\nThis issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T17:35:29.362Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA002536\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Malformed Packet Handling",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2024-0335",
"datePublished": "2024-04-03T18:53:25.236Z",
"dateReserved": "2024-01-09T09:25:52.692Z",
"dateUpdated": "2024-09-19T17:35:29.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0228
Vulnerability from cvelistv5
Published
2023-03-02 01:44
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
Improper authentication vulnerability in S+ Operations
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | ABB | Symphony Plus S+ Operations |
Version: 2.x < Version: 2.2 Version: 3.x < Version: 3.3 SP2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:43.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA006722\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Symphony Plus S+ Operations",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2.1 SP2",
"status": "affected",
"version": "2.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "2.2"
},
{
"lessThanOrEqual": "3.3 SP1",
"status": "affected",
"version": "3.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "3.3 SP2"
}
]
}
],
"datePublic": "2023-02-28T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.\u003cp\u003eThis issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2.\u003c/p\u003e"
}
],
"value": "Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-02T12:14:53.597Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA006722\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper authentication vulnerability in S+ Operations",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2023-0228",
"datePublished": "2023-03-02T01:44:01.106Z",
"dateReserved": "2023-01-12T05:50:16.315Z",
"dateUpdated": "2024-08-02T05:02:43.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8471
Vulnerability from cvelistv5
Published
2020-04-29 01:30
Modified
2024-08-04 10:03
Severity ?
EPSS score ?
Summary
ABB Central Licensing System - Weak File Permissions
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ABB | Central Licensing System |
Version: 5.1 < 5* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Central Licensing System",
"vendor": "ABB",
"versions": [
{
"lessThan": "5*",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
},
{
"product": "ABB Ability System 800xA",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
},
{
"product": "Compact HMI",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
}
]
},
{
"product": "Control Builder Safe",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "Symphony Plus S+ Operations",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "3.2",
"status": "affected",
"version": "3",
"versionType": "custom"
}
]
},
{
"product": "Symphony Plus S+ Engineering ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2.2",
"status": "affected",
"version": "1.1",
"versionType": "custom"
}
]
},
{
"product": "Composer Harmony",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
},
{
"product": "Composer Melody ",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "6",
"versionType": "custom"
}
]
},
{
"product": "Harmony OPC Server Standalone",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "7.0"
}
]
},
{
"product": "Advant OCS Control Builder A",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
}
]
},
{
"product": "Composer CTK",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
}
]
},
{
"product": "AdvaBuild",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "3.7 SP1"
},
{
"status": "affected",
"version": "3.7 SP2"
}
]
},
{
"product": "OPC Server for Mod 300 (non-800xA)",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.4"
}
]
},
{
"product": "OPC Data Link",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
},
{
"product": "Knowledge Manager",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.1"
}
]
},
{
"product": "Manufacturing Operations Management",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1812"
},
{
"status": "affected",
"version": "1909"
}
]
},
{
"product": "Advant OCS AC 100 OPS Server",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-275",
"description": "CWE-275 Permission Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T16:16:51",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB Central Licensing System - Weak File Permissions",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-8471",
"STATE": "PUBLIC",
"TITLE": "ABB Central Licensing System - Weak File Permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Central Licensing System",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "5",
"version_value": "5.1"
}
]
}
},
{
"product_name": "ABB Ability System 800xA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.1"
},
{
"version_affected": "=",
"version_value": "6.0"
},
{
"version_affected": "=",
"version_value": "6.1"
}
]
}
},
{
"product_name": "Compact HMI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.1"
},
{
"version_affected": "=",
"version_value": "6.0"
}
]
}
},
{
"product_name": "Control Builder Safe",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
},
{
"product_name": "Symphony Plus S+ Operations",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3",
"version_value": "3.2"
}
]
}
},
{
"product_name": "Symphony Plus S+ Engineering ",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.1",
"version_value": "2.2"
}
]
}
},
{
"product_name": "Composer Harmony",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.1"
},
{
"version_affected": "=",
"version_value": "6.0"
},
{
"version_affected": "=",
"version_value": "6.1"
}
]
}
},
{
"product_name": "Composer Melody ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.3"
},
{
"version_affected": "\u003c=",
"version_name": "6",
"version_value": "6.3"
}
]
}
},
{
"product_name": "Harmony OPC Server Standalone",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0"
},
{
"version_affected": "=",
"version_value": "6.1"
},
{
"version_affected": "=",
"version_value": "7.0"
}
]
}
},
{
"product_name": "Advant OCS Control Builder A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3"
},
{
"version_affected": "=",
"version_value": "1.4"
}
]
}
},
{
"product_name": "Composer CTK",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.1"
},
{
"version_affected": "=",
"version_value": "6.2"
}
]
}
},
{
"product_name": "AdvaBuild",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.7 SP1"
},
{
"version_affected": "=",
"version_value": "3.7 SP2"
}
]
}
},
{
"product_name": "OPC Server for Mod 300 (non-800xA)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4"
}
]
}
},
{
"product_name": "OPC Data Link",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.1"
},
{
"version_affected": "=",
"version_value": "2.2"
}
]
}
},
{
"product_name": "Knowledge Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0"
},
{
"version_affected": "=",
"version_value": "9.0"
},
{
"version_affected": "=",
"version_value": "9.1"
}
]
}
},
{
"product_name": "Manufacturing Operations Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1812"
},
{
"version_affected": "=",
"version_value": "1909"
}
]
}
},
{
"product_name": "Advant OCS AC 100 OPS Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.1"
},
{
"version_affected": "=",
"version_value": "6.0"
},
{
"version_affected": "=",
"version_value": "6.1"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-275 Permission Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8471",
"datePublished": "2020-04-29T01:30:43",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:44.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8475
Vulnerability from cvelistv5
Published
2020-04-29 00:00
Modified
2024-08-04 10:03
Severity ?
EPSS score ?
Summary
ABB Central Licensing System - Denial of Service Vulnerability
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ABB | Central Licensing System |
Version: 5.1 < 5* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Central Licensing System",
"vendor": "ABB",
"versions": [
{
"lessThan": "5*",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
},
{
"product": "ABB Ability System 800xA",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
},
{
"product": "Compact HMI",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
}
]
},
{
"product": "Control Builder Safe",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "Symphony Plus S+ Operations",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "3.2",
"status": "affected",
"version": "3",
"versionType": "custom"
}
]
},
{
"product": "Symphony Plus S+ Engineering ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2.2",
"status": "affected",
"version": "1.1",
"versionType": "custom"
}
]
},
{
"product": "Composer Harmony",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
},
{
"product": "Composer Melody ",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "6",
"versionType": "custom"
}
]
},
{
"product": "Harmony OPC Server Standalone",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "7.0"
}
]
},
{
"product": "Advant OCS Control Builder A",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
}
]
},
{
"product": "Composer CTK",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
}
]
},
{
"product": "AdvaBuild",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "3.7 SP1"
},
{
"status": "affected",
"version": "3.7 SP2"
}
]
},
{
"product": "OPC Server for Mod 300 (non-800xA)",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.4"
}
]
},
{
"product": "OPC Data Link",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
},
{
"product": "Knowledge Manager",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.1"
}
]
},
{
"product": "Manufacturing Operations Management",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1812"
},
{
"status": "affected",
"version": "1909"
}
]
},
{
"product": "Advant OCS AC 100 OPS Server",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
},
{
"product": "ABB Ability\u2122 SCADAvantage",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.6.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T00:00:00",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB Central Licensing System - Denial of Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8475",
"datePublished": "2020-04-29T00:00:00",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:44.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8479
Vulnerability from cvelistv5
Published
2020-04-29 00:00
Modified
2024-08-04 10:03
Severity ?
EPSS score ?
Summary
ABB Central Licensing System - XML External Entity Injection
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ABB | Central Licensing System |
Version: 5.1 < 5* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:44.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Central Licensing System",
"vendor": "ABB",
"versions": [
{
"lessThan": "5*",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
},
{
"product": "ABB Ability System 800xA",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
},
{
"product": "Compact HMI",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
}
]
},
{
"product": "Control Builder Safe",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "Symphony Plus S+ Operations",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "3.2",
"status": "affected",
"version": "3",
"versionType": "custom"
}
]
},
{
"product": "Symphony Plus S+ Engineering ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2.2",
"status": "affected",
"version": "1.1",
"versionType": "custom"
}
]
},
{
"product": "Composer Harmony",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
},
{
"product": "Composer Melody ",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "6",
"versionType": "custom"
}
]
},
{
"product": "Harmony OPC Server Standalone",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "7.0"
}
]
},
{
"product": "Advant OCS Control Builder A",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
}
]
},
{
"product": "Composer CTK",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
}
]
},
{
"product": "AdvaBuild",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "3.7 SP1"
},
{
"status": "affected",
"version": "3.7 SP2"
}
]
},
{
"product": "OPC Server for Mod 300 (non-800xA)",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.4"
}
]
},
{
"product": "OPC Data Link",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
},
{
"product": "Knowledge Manager",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.1"
}
]
},
{
"product": "Manufacturing Operations Management",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1812"
},
{
"status": "affected",
"version": "1909"
}
]
},
{
"product": "Advant OCS AC 100 OPS Server",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
},
{
"product": "ABB Ability\u2122 SCADAvantage",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.6.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5. an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91 XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T00:00:00",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB Central Licensing System - XML External Entity Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8479",
"datePublished": "2020-04-29T00:00:00",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:44.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8476
Vulnerability from cvelistv5
Published
2020-04-29 00:00
Modified
2024-08-04 10:03
Severity ?
EPSS score ?
Summary
ABB Central Licensing System - Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ABB | Central Licensing System |
Version: 5.1 < 5* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Central Licensing System",
"vendor": "ABB",
"versions": [
{
"lessThan": "5*",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
},
{
"product": "ABB Ability System 800xA",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
},
{
"product": "Compact HMI",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
}
]
},
{
"product": "Control Builder Safe",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "Symphony Plus S+ Operations",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "3.2",
"status": "affected",
"version": "3",
"versionType": "custom"
}
]
},
{
"product": "Symphony Plus S+ Engineering ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2.2",
"status": "affected",
"version": "1.1",
"versionType": "custom"
}
]
},
{
"product": "Composer Harmony",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
},
{
"product": "Composer Melody ",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "6",
"versionType": "custom"
}
]
},
{
"product": "Harmony OPC Server Standalone",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "7.0"
}
]
},
{
"product": "Advant OCS Control Builder A",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
}
]
},
{
"product": "Composer CTK",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
}
]
},
{
"product": "AdvaBuild",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "3.7 SP1"
},
{
"status": "affected",
"version": "3.7 SP2"
}
]
},
{
"product": "OPC Server for Mod 300 (non-800xA)",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.4"
}
]
},
{
"product": "OPC Data Link",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
},
{
"product": "Knowledge Manager",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.1"
}
]
},
{
"product": "Manufacturing Operations Management",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1812"
},
{
"status": "affected",
"version": "1909"
}
]
},
{
"product": "Advant OCS AC 100 OPS Server",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
},
{
"product": "ABB Ability\u2122 SCADAvantage",
"vendor": "ABB",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.6.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T00:00:00",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB Central Licensing System - Elevation of Privilege Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8476",
"datePublished": "2020-04-29T00:00:00",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:45.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8481
Vulnerability from cvelistv5
Published
2020-04-29 01:30
Modified
2024-08-04 10:03
Severity ?
EPSS score ?
Summary
ABB Central Licensing System - Information disclosure
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ABB | Central Licensing System |
Version: 5.1 < 5* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Central Licensing System",
"vendor": "ABB",
"versions": [
{
"lessThan": "5*",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
},
{
"product": "ABB Ability System 800xA",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
},
{
"product": "Compact HMI",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
}
]
},
{
"product": "Control Builder Safe",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "Symphony Plus S+ Operations",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "3.2",
"status": "affected",
"version": "3",
"versionType": "custom"
}
]
},
{
"product": "Symphony Plus S+ Engineering ",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2.2",
"status": "affected",
"version": "1.1",
"versionType": "custom"
}
]
},
{
"product": "Composer Harmony",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
},
{
"product": "Composer Melody ",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "6",
"versionType": "custom"
}
]
},
{
"product": "Harmony OPC Server Standalone",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "7.0"
}
]
},
{
"product": "Advant OCS Control Builder A",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
}
]
},
{
"product": "Composer CTK",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
}
]
},
{
"product": "AdvaBuild",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "3.7 SP1"
},
{
"status": "affected",
"version": "3.7 SP2"
}
]
},
{
"product": "OPC Server for Mod 300 (non-800xA)",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1.4"
}
]
},
{
"product": "OPC Data Link",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
},
{
"product": "Knowledge Manager",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.1"
}
]
},
{
"product": "Manufacturing Operations Management",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "1812"
},
{
"status": "affected",
"version": "1909"
}
]
},
{
"product": "Advant OCS AC 100 OPS Server",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T01:30:56",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB Central Licensing System - Information disclosure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-8481",
"STATE": "PUBLIC",
"TITLE": "ABB Central Licensing System - Information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Central Licensing System",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "5",
"version_value": "5.1"
}
]
}
},
{
"product_name": "ABB Ability System 800xA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.1"
},
{
"version_affected": "=",
"version_value": "6.0"
},
{
"version_affected": "=",
"version_value": "6.1"
}
]
}
},
{
"product_name": "Compact HMI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.1"
},
{
"version_affected": "=",
"version_value": "6.0"
}
]
}
},
{
"product_name": "Control Builder Safe",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
},
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
},
{
"product_name": "Symphony Plus S+ Operations",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3",
"version_value": "3.2"
}
]
}
},
{
"product_name": "Symphony Plus S+ Engineering ",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.1",
"version_value": "2.2"
}
]
}
},
{
"product_name": "Composer Harmony",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.1"
},
{
"version_affected": "=",
"version_value": "6.0"
},
{
"version_affected": "=",
"version_value": "6.1"
}
]
}
},
{
"product_name": "Composer Melody ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.3"
},
{
"version_affected": "\u003c=",
"version_name": "6",
"version_value": "6.3"
}
]
}
},
{
"product_name": "Harmony OPC Server Standalone",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.0"
},
{
"version_affected": "=",
"version_value": "6.1"
},
{
"version_affected": "=",
"version_value": "7.0"
}
]
}
},
{
"product_name": "Advant OCS Control Builder A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3"
},
{
"version_affected": "=",
"version_value": "1.4"
}
]
}
},
{
"product_name": "Composer CTK",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.1"
},
{
"version_affected": "=",
"version_value": "6.2"
}
]
}
},
{
"product_name": "AdvaBuild",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.7 SP1"
},
{
"version_affected": "=",
"version_value": "3.7 SP2"
}
]
}
},
{
"product_name": "OPC Server for Mod 300 (non-800xA)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4"
}
]
}
},
{
"product_name": "OPC Data Link",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.1"
},
{
"version_affected": "=",
"version_value": "2.2"
}
]
}
},
{
"product_name": "Knowledge Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0"
},
{
"version_affected": "=",
"version_value": "9.0"
},
{
"version_affected": "=",
"version_value": "9.1"
}
]
}
},
{
"product_name": "Manufacturing Operations Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1812"
},
{
"version_affected": "=",
"version_value": "1909"
}
]
}
},
{
"product_name": "Advant OCS AC 100 OPS Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.1"
},
{
"version_affected": "=",
"version_value": "6.0"
},
{
"version_affected": "=",
"version_value": "6.1"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8481",
"datePublished": "2020-04-29T01:30:56",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:45.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}