CNVD-2020-32228

Vulnerability from cnvd - Published: 2020-06-10
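Title
Information disclosure vulnerability in multiple ABB products
Description
ABB Ability System 800xA and the other products listed here are products of the Swiss company ABB. ABB Ability System 800xA is a distributed control system for the industrial control sector. ABB Compact HMI is a supervisory control and data acquisition system. ABB Control Builder Safe is an engineering tool for configuring and downloading AC 800M High Integrity safety applications. Multiple ABB products contain an information disclosure vulnerability. The vulnerability stems from the program writing sensitive information to an unprotected file, and an attacker can exploit it to take full control of the device.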
Severity
Formal description

The vendor has not yet provided a fix for this vulnerability; watch the vendor's homepage for updates: https://new.abb.com/

Reference
https://www.us-cert.gov/ics/advisories/icsa-20-154-04
Impacted products
Name
  • ABB OPCServer for AC800M <=6.0
  • ABB Control Builder Mprofessional <=6.0
  • ABB MMSServer for AC800M <=6.0
  • ABB Base Software for SoftControl <=6.0
  • ABB Ability System 800xA and related system extensions 5.1
  • ABB Ability System 800xA and related system extensions 6.0
  • ABB Ability System 800xA and related system extensions 6.1
  • ABB Compact HMI 5.1
  • ABB Compact HMI 6.0
  • ABB Control Builder Safe 1.0
  • ABB Control Builder Safe 1.1
  • ABB Control Builder Safe 2.0
  • ABB Ability Symphony Plus – S+ Operations >=3.0,<=3.2
  • ABB Ability Symphony Plus – S+ Engineering >=1.1,<=2.2
  • ABB Composer Harmony 5.1
  • ABB Composer Harmony 6.0
  • ABB Composer Harmony 6.1
  • ABB Composer Melody (incl. SPE for Melody 1.0 SPx) 5.3
  • ABB Composer Melody (incl. SPE for Melody 1.0 SPx) 6.1
  • ABB Composer Melody (incl. SPE for Melody 1.0 SPx) 6.2
  • ABB Composer Melody (incl. SPE for Melody 1.0 SPx) 6.3
  • ABB Harmony OPC Server (HAOPC) 6.0
  • ABB Harmony OPC Server (HAOPC) 6.1
  • ABB Harmony OPC Server (HAOPC) 7.0
  • ABB Ability System 800xA / Advant OCS Control Builder A 1.3
  • ABB Ability System 800xA / Advant OCS Control Builder A 1.4
  • ABB Advant OCS AC 100 OPC Server 5.1
  • ABB Advant OCS AC 100 OPC Server 6.0
  • ABB Advant OCS AC 100 OPC Server 6.1
  • ABB Composer CTK 6.1
  • ABB Composer CTK 6.2
  • ABB AdvaBuild 3.7 SP1
  • ABB AdvaBuild 3.7 SP2
  • ABB OPC Server MOD 300 (non-800xA) 1.4
  • ABB OPC Data Link 2.1
  • ABB OPC Data Link 2.2
  • ABB Ability Knowledge Manager 8.0
  • ABB Ability Knowledge Manager 9.0
  • ABB Ability Knowledge Manager 9.1
  • ABB Ability Manufacturing Operations Management 1812
  • ABB Ability Manufacturing Operations Management 1909

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8481"
    }
  },
  "description": "ABB Ability System 800xA\u7b49\u90fd\u662f\u745e\u58ebABB\u516c\u53f8\u7684\u4ea7\u54c1\u3002ABB Ability System 800xA\u662f\u4e00\u5957\u7528\u4e8e\u5de5\u63a7\u884c\u4e1a\u7684\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\u3002ABB Compact HMI\u662f\u4e00\u5957\u76d1\u63a7\u548c\u6570\u636e\u91c7\u96c6\u7cfb\u7edf\u3002ABB Control Builder Safe\u662f\u4e00\u6b3e\u7528\u4e8e\u914d\u7f6e\u548c\u4e0b\u8f7dAC 800M High Integrity\u5b89\u5168\u5e94\u7528\u7a0b\u5e8f\u7684\u5de5\u7a0b\u5de5\u5177\u3002\n\n\u591a\u6b3eABB\u4ea7\u54c1\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06\u654f\u611f\u4fe1\u606f\u5199\u5165\u5230\u672a\u88ab\u4fdd\u62a4\u7684\u6587\u4ef6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b8c\u5168\u63a7\u5236\u8bbe\u5907\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://new.abb.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-32228",
  "openTime": "2020-06-10",
  "products": {
    "product": [
      "ABB OPCServer for AC800M \u003c=6.0",
      "ABB Control Builder Mprofessional \u003c=6.0",
      "ABB MMSServer for AC800M \u003c=6.0",
      "ABB Base Software for SoftControl \u003c=6.0",
      "ABB Ability System 800xA and related system extensions 5.1",
      "ABB Ability System 800xA and related system extensions  6.0",
      "ABB Ability System 800xA and related system extensions  6.1",
      "ABB Compact HMI 5.1",
      "ABB Compact HMI  6.0",
      "ABB Control Builder Safe 1.0",
      "ABB Control Builder Safe  1.1",
      "ABB Control Builder Safe  2.0",
      "ABB Ability Symphony Plus \u2013 S+ Operations \u003e=3.0\uff0c\u003c=3.2",
      "ABB Ability Symphony Plus \u2013 S+ Engineering \u003e=1.1\uff0c\u003c=2.2",
      "ABB Composer Harmony 5.1",
      "ABB Composer Harmony  6.0",
      "ABB Composer Harmony  6.1",
      "ABB Composer Melody (incl. SPE for Melody 1.0 SPx) 5.3",
      "ABB Composer Melody (incl. SPE for Melody 1.0 SPx)  6.1",
      "ABB Composer Melody (incl. SPE for Melody 1.0 SPx)  6.2",
      "ABB Composer Melody (incl. SPE for Melody 1.0 SPx)  6.3",
      "ABB Harmony OPC Server (HAOPC) 6.0",
      "ABB Harmony OPC Server (HAOPC)  6.1",
      "ABB Harmony OPC Server (HAOPC)  7.0",
      "ABB Ability System 800xA / Advant OCS Control Builder A 1.3",
      "ABB Ability System 800xA / Advant OCS Control Builder A  1.4",
      "ABB Advant OCS AC 100 OPC Server 5.1",
      "ABB Advant OCS AC 100 OPC Server  6.0",
      "ABB Advant OCS AC 100 OPC Server  6.1",
      "ABB Composer CTK 6.1",
      "ABB Composer CTK  6.2",
      "ABB AdvaBuild 3.7 SP1",
      "ABB AdvaBuild  3.7 SP2",
      "ABB OPC Server MOD 300 (non-800xA) 1.4",
      "ABB OPC Data Link 2.1",
      "ABB OPC Data Link  2.2",
      "ABB Ability Knowledge Manager 8.0",
      "ABB Ability Knowledge Manager  9.0",
      "ABB Ability Knowledge Manager  9.1",
      "ABB Ability Manufacturing Operations Management 1812",
      "ABB Ability Manufacturing Operations Management  1909"
    ]
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04",
  "serverity": "\u9ad8",
  "submitTime": "2020-04-29",
  "title": "\u591a\u6b3eABB\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

