CVE-2020-11640 (GCVE-0-2020-11640)

Vulnerability from cvelistv5 – Published: 2024-07-23 17:36 – Updated: 2024-08-04 11:35
VLAI?
Summary
AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables.  Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-269 - Improper Privilege Management
Assigner
ABB
References
Impacted products
Vendor Product Version
ABB Advant MOD 300 AdvaBuild Affected: 3.0 , ≤ 3.7 SP2 (update)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:abb:advabuild:*:*:*:*:*:*:mod_300:*"
            ],
            "defaultStatus": "unknown",
            "product": "advabuild",
            "vendor": "abb",
            "versions": [
              {
                "lessThanOrEqual": "3.7sp2",
                "status": "affected",
                "version": "3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-11640",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T18:09:49.474898Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T19:00:53.120Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:13.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.200044199.882581162.1721753430-284724496.1718609177"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Advant MOD 300 AdvaBuild",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.7 SP2",
              "status": "affected",
              "version": "3.0",
              "versionType": "update"
            }
          ]
        }
      ],
      "datePublic": "2024-07-22T17:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nAdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the\ncommand queue can use it to launch an attack by running any executable on the AdvaBuild node. The\nexecutables that can be run are not limited to AdvaBuild specific executables.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eImproper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.\u003cp\u003eThis issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.\u003c/p\u003e"
            }
          ],
          "value": "AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the\ncommand queue can use it to launch an attack by running any executable on the AdvaBuild node. The\nexecutables that can be run are not limited to AdvaBuild specific executables.\u00a0\n\nImproper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-23T17:36:51.458Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.200044199.882581162.1721753430-284724496.1718609177"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nABB recommends changing any user account passwords which are suspected to be known by an unauthorized person. Interactive logon (both local and remote) is recommended to be disabled for service\naccounts.\n\n\u003cbr\u003e\n\nPlease note that the vulnerability can only be exploited by authenticated users, so customers are recommended to ensure that only authorized persons have access to user accounts for the computers where\nAdvaBuild is used.\n\u003cbr\u003e\u003cbr\u003eAll the vulnerabilities have been corrected in AdvaBuild version 3.7 SP3 released in April 2021.\n\u003cbr\u003e\u003cbr\u003eABB recommends that customers apply the update at earliest convenience. Users who are unable to install the update should immediately look to implement the \u201cMitigating factors\u201d listed below as this will\nrestrict or prevent an attacker\u2019s ability to compromise the system.\n\n\u003cbr\u003e"
            }
          ],
          "value": "ABB recommends changing any user account passwords which are suspected to be known by an unauthorized person. Interactive logon (both local and remote) is recommended to be disabled for service\naccounts.\n\n\n\n\nPlease note that the vulnerability can only be exploited by authenticated users, so customers are recommended to ensure that only authorized persons have access to user accounts for the computers where\nAdvaBuild is used.\n\n\nAll the vulnerabilities have been corrected in AdvaBuild version 3.7 SP3 released in April 2021.\n\n\nABB recommends that customers apply the update at earliest convenience. Users who are unable to install the update should immediately look to implement the \u201cMitigating factors\u201d listed below as this will\nrestrict or prevent an attacker\u2019s ability to compromise the system."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Elevation of Privilege",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2020-11640",
    "datePublished": "2024-07-23T17:36:51.458Z",
    "dateReserved": "2020-04-08T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:35:13.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the\\ncommand queue can use it to launch an attack by running any executable on the AdvaBuild node. The\\nexecutables that can be run are not limited to AdvaBuild specific executables.\\u00a0\\n\\nImproper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.\"}, {\"lang\": \"es\", \"value\": \"AdvaBuild utiliza una cola de comandos para iniciar determinadas operaciones. Un atacante que obtenga acceso a la cola de comandos puede usarla para lanzar un ataque ejecutando cualquier ejecutable en el nodo AdvaBuild. Los ejecutables que se pueden ejecutar no se limitan a ejecutables espec\\u00edficos de AdvaBuild. Vulnerabilidad de gesti\\u00f3n de privilegios inadecuada en ABB Advant MOD 300 AdvaBuild. Este problema afecta a Advant MOD 300 AdvaBuild: desde 3.0 hasta 3.7 SP2.\"}]",
      "id": "CVE-2020-11640",
      "lastModified": "2024-11-21T04:58:18.270",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cybersecurity@ch.abb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2024-07-23T18:15:05.083",
      "references": "[{\"url\": \"https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.200044199.882581162.1721753430-284724496.1718609177\", \"source\": \"cybersecurity@ch.abb.com\"}, {\"url\": \"https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.200044199.882581162.1721753430-284724496.1718609177\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cybersecurity@ch.abb.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"cybersecurity@ch.abb.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-11640\",\"sourceIdentifier\":\"cybersecurity@ch.abb.com\",\"published\":\"2024-07-23T18:15:05.083\",\"lastModified\":\"2024-11-21T04:58:18.270\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the\\ncommand queue can use it to launch an attack by running any executable on the AdvaBuild node. The\\nexecutables that can be run are not limited to AdvaBuild specific executables.\u00a0\\n\\nImproper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.\"},{\"lang\":\"es\",\"value\":\"AdvaBuild utiliza una cola de comandos para iniciar determinadas operaciones. Un atacante que obtenga acceso a la cola de comandos puede usarla para lanzar un ataque ejecutando cualquier ejecutable en el nodo AdvaBuild. Los ejecutables que se pueden ejecutar no se limitan a ejecutables espec\u00edficos de AdvaBuild. Vulnerabilidad de gesti\u00f3n de privilegios inadecuada en ABB Advant MOD 300 AdvaBuild. Este problema afecta a Advant MOD 300 AdvaBuild: desde 3.0 hasta 3.7 SP2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cybersecurity@ch.abb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cybersecurity@ch.abb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"references\":[{\"url\":\"https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.200044199.882581162.1721753430-284724496.1718609177\",\"source\":\"cybersecurity@ch.abb.com\"},{\"url\":\"https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.200044199.882581162.1721753430-284724496.1718609177\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.200044199.882581162.1721753430-284724496.1718609177\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T11:35:13.681Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-11640\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-23T18:09:49.474898Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:abb:advabuild:*:*:*:*:*:*:mod_300:*\"], \"vendor\": \"abb\", \"product\": \"advabuild\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.7sp2\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-23T18:48:23.721Z\"}}], \"cna\": {\"title\": \"Elevation of Privilege\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ABB\", \"product\": \"Advant MOD 300 AdvaBuild\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0\", \"versionType\": \"update\", \"lessThanOrEqual\": \"3.7 SP2\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"ABB recommends changing any user account passwords which are suspected to be known by an unauthorized person. Interactive logon (both local and remote) is recommended to be disabled for service\\naccounts.\\n\\n\\n\\n\\nPlease note that the vulnerability can only be exploited by authenticated users, so customers are recommended to ensure that only authorized persons have access to user accounts for the computers where\\nAdvaBuild is used.\\n\\n\\nAll the vulnerabilities have been corrected in AdvaBuild version 3.7 SP3 released in April 2021.\\n\\n\\nABB recommends that customers apply the update at earliest convenience. Users who are unable to install the update should immediately look to implement the \\u201cMitigating factors\\u201d listed below as this will\\nrestrict or prevent an attacker\\u2019s ability to compromise the system.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\nABB recommends changing any user account passwords which are suspected to be known by an unauthorized person. Interactive logon (both local and remote) is recommended to be disabled for service\\naccounts.\\n\\n\u003cbr\u003e\\n\\nPlease note that the vulnerability can only be exploited by authenticated users, so customers are recommended to ensure that only authorized persons have access to user accounts for the computers where\\nAdvaBuild is used.\\n\u003cbr\u003e\u003cbr\u003eAll the vulnerabilities have been corrected in AdvaBuild version 3.7 SP3 released in April 2021.\\n\u003cbr\u003e\u003cbr\u003eABB recommends that customers apply the update at earliest convenience. Users who are unable to install the update should immediately look to implement the \\u201cMitigating factors\\u201d listed below as this will\\nrestrict or prevent an attacker\\u2019s ability to compromise the system.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-07-22T17:33:00.000Z\", \"references\": [{\"url\": \"https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.200044199.882581162.1721753430-284724496.1718609177\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the\\ncommand queue can use it to launch an attack by running any executable on the AdvaBuild node. The\\nexecutables that can be run are not limited to AdvaBuild specific executables.\\u00a0\\n\\nImproper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\nAdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the\\ncommand queue can use it to launch an attack by running any executable on the AdvaBuild node. The\\nexecutables that can be run are not limited to AdvaBuild specific executables.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eImproper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.\u003cp\u003eThis issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"2b718523-d88f-4f37-9bbd-300c20644bf9\", \"shortName\": \"ABB\", \"dateUpdated\": \"2024-07-23T17:36:51.458Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-11640\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-04T11:35:13.681Z\", \"dateReserved\": \"2020-04-08T00:00:00.000Z\", \"assignerOrgId\": \"2b718523-d88f-4f37-9bbd-300c20644bf9\", \"datePublished\": \"2024-07-23T17:36:51.458Z\", \"assignerShortName\": \"ABB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.