Search criteria
4 vulnerabilities found for System 800xA Information Manager by ABB
VAR-202004-2159
Vulnerability from variot - Updated: 2023-12-18 13:51The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code. ABB System 800xA Information Manager Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The system supports access to real-time and historical information of all applications in the automation system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2159",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "system 800xa information manager",
"scope": "eq",
"trust": 2.0,
"vendor": "abb",
"version": "6.1"
},
{
"model": null,
"scope": "eq",
"trust": 1.8,
"vendor": "abb",
"version": "*"
},
{
"model": "system 800xa information manager",
"scope": "eq",
"trust": 1.4,
"vendor": "abb",
"version": "5.1"
},
{
"model": "800xa information manager",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.3.2"
},
{
"model": "800xa information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "5.1"
},
{
"model": "800xa information manager",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0"
},
{
"model": "800xa information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "abb",
"version": "6.1"
},
{
"model": "system 800xa information manager",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "6.0 \u304b\u3089 6.0.3.2"
},
{
"model": "system 800xa information manager",
"scope": "eq",
"trust": 0.6,
"vendor": "abb",
"version": "5.1*"
},
{
"model": "system 800xa information manager",
"scope": "gte",
"trust": 0.6,
"vendor": "abb",
"version": "6.0\u003c=6.0.3.2"
},
{
"model": "system 800xa information manager",
"scope": "gte",
"trust": 0.6,
"vendor": "abb",
"version": "6.0,\u003c=6.0.3.2"
}
],
"sources": [
{
"db": "IVD",
"id": "12e913e3-3031-4345-a042-2b0d4eacb530"
},
{
"db": "IVD",
"id": "d08f5232-65f7-48cd-a26b-3ed5516b140f"
},
{
"db": "IVD",
"id": "860e432b-063b-4999-a116-57846b798bf8"
},
{
"db": "CNVD",
"id": "CNVD-2020-25013"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004735"
},
{
"db": "NVD",
"id": "CVE-2020-8477"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:800xa_information_manager:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:800xa_information_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.3.2",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:800xa_information_manager:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8477"
}
]
},
"cve": "CVE-2020-8477",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-004735",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-25013",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "12e913e3-3031-4345-a042-2b0d4eacb530",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "d08f5232-65f7-48cd-a26b-3ed5516b140f",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "860e432b-063b-4999-a116-57846b798bf8",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-186602",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004735",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8477",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8477",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-004735",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-25013",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1906",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "12e913e3-3031-4345-a042-2b0d4eacb530",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "d08f5232-65f7-48cd-a26b-3ed5516b140f",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "860e432b-063b-4999-a116-57846b798bf8",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186602",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "12e913e3-3031-4345-a042-2b0d4eacb530"
},
{
"db": "IVD",
"id": "d08f5232-65f7-48cd-a26b-3ed5516b140f"
},
{
"db": "IVD",
"id": "860e432b-063b-4999-a116-57846b798bf8"
},
{
"db": "CNVD",
"id": "CNVD-2020-25013"
},
{
"db": "VULHUB",
"id": "VHN-186602"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004735"
},
{
"db": "NVD",
"id": "CVE-2020-8477"
},
{
"db": "NVD",
"id": "CVE-2020-8477"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1906"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code. ABB System 800xA Information Manager Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The system supports access to real-time and historical information of all applications in the automation system",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8477"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004735"
},
{
"db": "CNVD",
"id": "CNVD-2020-25013"
},
{
"db": "IVD",
"id": "12e913e3-3031-4345-a042-2b0d4eacb530"
},
{
"db": "IVD",
"id": "d08f5232-65f7-48cd-a26b-3ed5516b140f"
},
{
"db": "IVD",
"id": "860e432b-063b-4999-a116-57846b798bf8"
},
{
"db": "VULHUB",
"id": "VHN-186602"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8477",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-20-184-02",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-25013",
"trust": 1.3
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1906",
"trust": 1.3
},
{
"db": "JVN",
"id": "JVNVU96482880",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004735",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.2295",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "46753",
"trust": 0.6
},
{
"db": "IVD",
"id": "12E913E3-3031-4345-A042-2B0D4EACB530",
"trust": 0.2
},
{
"db": "IVD",
"id": "D08F5232-65F7-48CD-A26B-3ED5516B140F",
"trust": 0.2
},
{
"db": "IVD",
"id": "860E432B-063B-4999-A116-57846B798BF8",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-186602",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "12e913e3-3031-4345-a042-2b0d4eacb530"
},
{
"db": "IVD",
"id": "d08f5232-65f7-48cd-a26b-3ed5516b140f"
},
{
"db": "IVD",
"id": "860e432b-063b-4999-a116-57846b798bf8"
},
{
"db": "CNVD",
"id": "CNVD-2020-25013"
},
{
"db": "VULHUB",
"id": "VHN-186602"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004735"
},
{
"db": "NVD",
"id": "CVE-2020-8477"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1906"
}
]
},
"id": "VAR-202004-2159",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "12e913e3-3031-4345-a042-2b0d4eacb530"
},
{
"db": "IVD",
"id": "d08f5232-65f7-48cd-a26b-3ed5516b140f"
},
{
"db": "IVD",
"id": "860e432b-063b-4999-a116-57846b798bf8"
},
{
"db": "CNVD",
"id": "CNVD-2020-25013"
},
{
"db": "VULHUB",
"id": "VHN-186602"
}
],
"trust": 2.08571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "12e913e3-3031-4345-a042-2b0d4eacb530"
},
{
"db": "IVD",
"id": "d08f5232-65f7-48cd-a26b-3ed5516b140f"
},
{
"db": "IVD",
"id": "860e432b-063b-4999-a116-57846b798bf8"
},
{
"db": "CNVD",
"id": "CNVD-2020-25013"
}
]
},
"last_update_date": "2023-12-18T13:51:55.072000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY System 800xA InformationManager - Remote Code Execution",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121232\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004735"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186602"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004735"
},
{
"db": "NVD",
"id": "CVE-2020-8477"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8477"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121232\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8477"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96482880/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46753"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2295/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121232\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25013"
},
{
"db": "VULHUB",
"id": "VHN-186602"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004735"
},
{
"db": "NVD",
"id": "CVE-2020-8477"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1906"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "12e913e3-3031-4345-a042-2b0d4eacb530"
},
{
"db": "IVD",
"id": "d08f5232-65f7-48cd-a26b-3ed5516b140f"
},
{
"db": "IVD",
"id": "860e432b-063b-4999-a116-57846b798bf8"
},
{
"db": "CNVD",
"id": "CNVD-2020-25013"
},
{
"db": "VULHUB",
"id": "VHN-186602"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004735"
},
{
"db": "NVD",
"id": "CVE-2020-8477"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1906"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-22T00:00:00",
"db": "IVD",
"id": "12e913e3-3031-4345-a042-2b0d4eacb530"
},
{
"date": "2020-04-22T00:00:00",
"db": "IVD",
"id": "d08f5232-65f7-48cd-a26b-3ed5516b140f"
},
{
"date": "2020-04-22T00:00:00",
"db": "IVD",
"id": "860e432b-063b-4999-a116-57846b798bf8"
},
{
"date": "2020-04-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25013"
},
{
"date": "2020-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-186602"
},
{
"date": "2020-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004735"
},
{
"date": "2020-04-22T15:15:14.863000",
"db": "NVD",
"id": "CVE-2020-8477"
},
{
"date": "2020-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1906"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25013"
},
{
"date": "2020-04-30T00:00:00",
"db": "VULHUB",
"id": "VHN-186602"
},
{
"date": "2020-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004735"
},
{
"date": "2020-04-30T20:27:07.033000",
"db": "NVD",
"id": "CVE-2020-8477"
},
{
"date": "2020-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1906"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1906"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB System 800xA Information Manager Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004735"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "12e913e3-3031-4345-a042-2b0d4eacb530"
},
{
"db": "IVD",
"id": "d08f5232-65f7-48cd-a26b-3ed5516b140f"
},
{
"db": "IVD",
"id": "860e432b-063b-4999-a116-57846b798bf8"
}
],
"trust": 0.6
}
}
VAR-202004-2168
Vulnerability from variot - Updated: 2023-12-18 11:58Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. ABB System 800xA Information Management There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The system provides intelligent data access functions that can access real-time and historical information of all applications in the extended automation system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "800xa information management",
"scope": "eq",
"trust": 1.1,
"vendor": "abb",
"version": "*"
},
{
"model": "system 800xa information manager",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": "system 800xa information management",
"scope": null,
"trust": 0.6,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "800xa information management",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "24d10332-4a66-4acb-bd79-583f12d2ddf0"
},
{
"db": "IVD",
"id": "9a6d8fcb-222a-4a01-a1e3-067966e75bf5"
},
{
"db": "CNVD",
"id": "CNVD-2020-27098"
},
{
"db": "VULMON",
"id": "CVE-2020-8489"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005104"
},
{
"db": "NVD",
"id": "CVE-2020-8489"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:800xa_information_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8489"
}
]
},
"cve": "CVE-2020-8489",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005104",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-27098",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "24d10332-4a66-4acb-bd79-583f12d2ddf0",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "9a6d8fcb-222a-4a01-a1e3-067966e75bf5",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-186614",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8489",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005104",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8489",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8489",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005104",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-27098",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-2376",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "24d10332-4a66-4acb-bd79-583f12d2ddf0",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "9a6d8fcb-222a-4a01-a1e3-067966e75bf5",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186614",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8489",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "24d10332-4a66-4acb-bd79-583f12d2ddf0"
},
{
"db": "IVD",
"id": "9a6d8fcb-222a-4a01-a1e3-067966e75bf5"
},
{
"db": "CNVD",
"id": "CNVD-2020-27098"
},
{
"db": "VULHUB",
"id": "VHN-186614"
},
{
"db": "VULMON",
"id": "CVE-2020-8489"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005104"
},
{
"db": "NVD",
"id": "CVE-2020-8489"
},
{
"db": "NVD",
"id": "CVE-2020-8489"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2376"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. ABB System 800xA Information Management There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The system provides intelligent data access functions that can access real-time and historical information of all applications in the extended automation system",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8489"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005104"
},
{
"db": "CNVD",
"id": "CNVD-2020-27098"
},
{
"db": "IVD",
"id": "24d10332-4a66-4acb-bd79-583f12d2ddf0"
},
{
"db": "IVD",
"id": "9a6d8fcb-222a-4a01-a1e3-067966e75bf5"
},
{
"db": "VULHUB",
"id": "VHN-186614"
},
{
"db": "VULMON",
"id": "CVE-2020-8489"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8489",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-03",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-27098",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2376",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005104",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.1923",
"trust": 0.6
},
{
"db": "IVD",
"id": "24D10332-4A66-4ACB-BD79-583F12D2DDF0",
"trust": 0.2
},
{
"db": "IVD",
"id": "9A6D8FCB-222A-4A01-A1E3-067966E75BF5",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-186614",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8489",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "24d10332-4a66-4acb-bd79-583f12d2ddf0"
},
{
"db": "IVD",
"id": "9a6d8fcb-222a-4a01-a1e3-067966e75bf5"
},
{
"db": "CNVD",
"id": "CNVD-2020-27098"
},
{
"db": "VULHUB",
"id": "VHN-186614"
},
{
"db": "VULMON",
"id": "CVE-2020-8489"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005104"
},
{
"db": "NVD",
"id": "CVE-2020-8489"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2376"
}
]
},
"id": "VAR-202004-2168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "24d10332-4a66-4acb-bd79-583f12d2ddf0"
},
{
"db": "IVD",
"id": "9a6d8fcb-222a-4a01-a1e3-067966e75bf5"
},
{
"db": "CNVD",
"id": "CNVD-2020-27098"
},
{
"db": "VULHUB",
"id": "VHN-186614"
}
],
"trust": 1.8678571350000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "24d10332-4a66-4acb-bd79-583f12d2ddf0"
},
{
"db": "IVD",
"id": "9a6d8fcb-222a-4a01-a1e3-067966e75bf5"
},
{
"db": "CNVD",
"id": "CNVD-2020-27098"
}
]
},
"last_update_date": "2023-12-18T11:58:27.899000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY Interprocess communication vulnerability in System 800xA",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005104"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005104"
},
{
"db": "NVD",
"id": "CVE-2020-8489"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8489"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8489"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1923/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121236\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27098"
},
{
"db": "VULHUB",
"id": "VHN-186614"
},
{
"db": "VULMON",
"id": "CVE-2020-8489"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005104"
},
{
"db": "NVD",
"id": "CVE-2020-8489"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2376"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "24d10332-4a66-4acb-bd79-583f12d2ddf0"
},
{
"db": "IVD",
"id": "9a6d8fcb-222a-4a01-a1e3-067966e75bf5"
},
{
"db": "CNVD",
"id": "CNVD-2020-27098"
},
{
"db": "VULHUB",
"id": "VHN-186614"
},
{
"db": "VULMON",
"id": "CVE-2020-8489"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005104"
},
{
"db": "NVD",
"id": "CVE-2020-8489"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2376"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "24d10332-4a66-4acb-bd79-583f12d2ddf0"
},
{
"date": "2020-04-28T00:00:00",
"db": "IVD",
"id": "9a6d8fcb-222a-4a01-a1e3-067966e75bf5"
},
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27098"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-186614"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8489"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005104"
},
{
"date": "2020-04-29T02:15:12.513000",
"db": "NVD",
"id": "CVE-2020-8489"
},
{
"date": "2020-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2376"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27098"
},
{
"date": "2020-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-186614"
},
{
"date": "2020-05-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8489"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005104"
},
{
"date": "2020-05-08T17:19:03.060000",
"db": "NVD",
"id": "CVE-2020-8489"
},
{
"date": "2020-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-2376"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2376"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB System 800xA Information Management Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005104"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-2376"
}
],
"trust": 0.6
}
}
CVE-2020-8477 (GCVE-0-2020-8477)
Vulnerability from cvelistv5 – Published: 2020-04-22 14:46 – Updated: 2024-08-04 10:03
VLAI?
Summary
The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code.
Severity ?
8.8 (High)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | System 800xA Information Manager |
Affected:
5 , ≤ 5.1
(custom)
Affected: 6.0 , ≤ 6.0.3.2 (custom) Affected: 6.1 , < 6.1* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System 800xA Information Manager",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.3.2",
"status": "affected",
"version": "6.0",
"versionType": "custom"
},
{
"lessThan": "6.1*",
"status": "affected",
"version": "6.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Leftover Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-22T14:46:23",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB System 800xA Information Manager Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-8477",
"STATE": "PUBLIC",
"TITLE": "ABB System 800xA Information Manager Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System 800xA Information Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5",
"version_value": "5.1"
},
{
"version_affected": "\u003c=",
"version_name": "6.0",
"version_value": "6.0.3.2"
},
{
"version_affected": "\u003e=",
"version_name": "6.1",
"version_value": "6.1"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-489 Leftover Debug Code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8477",
"datePublished": "2020-04-22T14:46:23",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8477 (GCVE-0-2020-8477)
Vulnerability from nvd – Published: 2020-04-22 14:46 – Updated: 2024-08-04 10:03
VLAI?
Summary
The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code.
Severity ?
8.8 (High)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | System 800xA Information Manager |
Affected:
5 , ≤ 5.1
(custom)
Affected: 6.0 , ≤ 6.0.3.2 (custom) Affected: 6.1 , < 6.1* (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System 800xA Information Manager",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.3.2",
"status": "affected",
"version": "6.0",
"versionType": "custom"
},
{
"lessThan": "6.1*",
"status": "affected",
"version": "6.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Leftover Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-22T14:46:23",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ABB System 800xA Information Manager Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-8477",
"STATE": "PUBLIC",
"TITLE": "ABB System 800xA Information Manager Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System 800xA Information Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5",
"version_value": "5.1"
},
{
"version_affected": "\u003c=",
"version_name": "6.0",
"version_value": "6.0.3.2"
},
{
"version_affected": "\u003e=",
"version_name": "6.1",
"version_value": "6.1"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-489 Leftover Debug Code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "MISC",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-8477",
"datePublished": "2020-04-22T14:46:23",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}