csaf_cisa - icsa-20-154-04

icsa-20-154-04

Vulnerability from csaf_cisa

Published

2020-06-02 00:00

Modified

2020-06-02 00:00

Summary

ABB Central Licensing System

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow an attacker to take control of the affected system node remotely and cause an affected CLS Server node to stop or prevent legitimate access to the affected CLS Server.

Critical infrastructure sectors

Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater

Countries/areas deployed

Worldwide

Company headquarters location

Switzerland

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "William Knowles"
        ],
        "organization": "Applied Risk",
        "summary": "reporting these vulnerabilities to ABB"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to take control of the affected system node remotely and cause an affected CLS Server node to stop or prevent legitimate access to the affected CLS Server.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Water and Wastewater",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Switzerland",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-154-04 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-154-04.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-20-154-04 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-154-04"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "ABB Central Licensing System",
    "tracking": {
      "current_release_date": "2020-06-02T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-20-154-04",
      "initial_release_date": "2020-06-02T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-06-02T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-20-154-04 ABB Central Licensing System"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.7 SP1 | 3.7 SP2",
                "product": {
                  "name": "AdvaBuild: Versions 3.7 SP1 3.7 SP2",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "AdvaBuild"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.3 | 1.4",
                "product": {
                  "name": "ABB Ability System 800xA / Advant OCS Control Builder A: Versions 1.3 1.4",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "ABB Ability System 800xA / Advant OCS Control Builder A"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.1 | 6.0 | 6.1",
                "product": {
                  "name": "ABB Ability System 800xA and related system extensions: Versions 5.1 6.0 6.1",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "ABB Ability System 800xA and related system extensions"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1812 | 1909",
                "product": {
                  "name": "ABB Ability Manufacturing Operations Management: Versions 1812 1909",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "ABB Ability Manufacturing Operations Management"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.0 | 6.1 | 7.0",
                "product": {
                  "name": "Harmony OPC Server (HAOPC): Standalone Versions 6.0 6.1 7.0",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "Harmony OPC Server (HAOPC)"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.1 | 6.0 | 6.1",
                "product": {
                  "name": "Advant OCS AC 100 OPC Server: Versions 5.1 6.0 6.1",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "Advant OCS AC 100 OPC Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.1 | 2.2",
                "product": {
                  "name": "OPC Data Link: Versions 2.1 2.2",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "OPC Data Link"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.1 | 6.0 | 6.1",
                "product": {
                  "name": "Composer Harmony: Versions 5.1 6.0 6.1",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "Composer Harmony"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 1.1 | \u003c= 2.2",
                "product": {
                  "name": "ABB Ability Symphony Plus - S+ Engineering: Versions 1.1 to 2.2",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "ABB Ability Symphony Plus - S+ Engineering"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.4",
                "product": {
                  "name": "OPC Server MOD 300 (non-800xA): Version 1.4",
                  "product_id": "CSAFPID-00010"
                }
              }
            ],
            "category": "product_name",
            "name": "OPC Server MOD 300 (non-800xA)"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.0 | 9.0 | 9.1",
                "product": {
                  "name": "ABB Ability Knowledge Manager: Versions 8.0 9.0 9.1",
                  "product_id": "CSAFPID-00011"
                }
              }
            ],
            "category": "product_name",
            "name": "ABB Ability Knowledge Manager"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.1 | 6.2",
                "product": {
                  "name": "Composer CTK: Versions 6.1 6.2",
                  "product_id": "CSAFPID-00012"
                }
              }
            ],
            "category": "product_name",
            "name": "Composer CTK"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0 | 1.1 | 2.0",
                "product": {
                  "name": "Control Builder Safe: Versions 1.0 1.1 2.0",
                  "product_id": "CSAFPID-00013"
                }
              }
            ],
            "category": "product_name",
            "name": "Control Builder Safe"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.3 | 6.1 | 6.2 | 6.3",
                "product": {
                  "name": "Composer Melody (incl. SPE for Melody 1.0 SPx): Versions 5.3 6.1 6.2 6.3",
                  "product_id": "CSAFPID-00014"
                }
              }
            ],
            "category": "product_name",
            "name": "Composer Melody (incl. SPE for Melody 1.0 SPx)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 3.0 | \u003c= 3.2",
                "product": {
                  "name": "ABB Ability Symphony Plus - S+ Operations: Versions 3.0 to 3.2",
                  "product_id": "CSAFPID-00015"
                }
              }
            ],
            "category": "product_name",
            "name": "ABB Ability Symphony Plus - S+ Operations"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.1 | 6.0",
                "product": {
                  "name": "Compact HMI: Versions 5.1 6.0",
                  "product_id": "CSAFPID-00016"
                }
              }
            ],
            "category": "product_name",
            "name": "Compact HMI"
          }
        ],
        "category": "vendor",
        "name": "ABB"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8481",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Confidential data is written in an unprotected file, which may allow an attacker to login to the affected node as a low privileged user and read confidential data from an unprotected file.CVE-2020-8481 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011",
          "CSAFPID-00012",
          "CSAFPID-00013",
          "CSAFPID-00014",
          "CSAFPID-00015",
          "CSAFPID-00016"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8481"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 5.1 Rev A (5.1.0.38)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 5.1 Rev E (5.1.0.99)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.0 (6.0.0.26)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.0.3.3 (6.0.03000.192)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.1 RU1 (6.1.00100.417)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "If ABB Central Licensing Server 5.1 (5.1.0.14) or earlier has been used on the currently used hardware, please contact ABB for further assistance.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Methods for preventing unauthorized access to nodes on the CLS network include but are not limited to usage of IPSec and by separating the Client Server Network from other networks with firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Ensure only authorized individuals have access to user accounts on the system nodes.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Interactive login to service accounts should be blocked.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please see ABB\u0027s cybersecurity advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ],
          "url": "https://search-ext.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-8479",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected products are vulnerable to an external entity injection, which may allow an attacker to read arbitrary files from the license server and/or from the network. An attacker could also block the license handling.CVE-2020-8479 has been assigned to this vulnerability. A CVSS v3 base score of 9.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011",
          "CSAFPID-00012",
          "CSAFPID-00013",
          "CSAFPID-00014",
          "CSAFPID-00015",
          "CSAFPID-00016"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8479"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 5.1 Rev A (5.1.0.38)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 5.1 Rev E (5.1.0.99)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.0 (6.0.0.26)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.0.3.3 (6.0.03000.192)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.1 RU1 (6.1.00100.417)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "If ABB Central Licensing Server 5.1 (5.1.0.14) or earlier has been used on the currently used hardware, please contact ABB for further assistance.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Methods for preventing unauthorized access to nodes on the CLS network include but are not limited to usage of IPSec and by separating the Client Server Network from other networks with firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Ensure only authorized individuals have access to user accounts on the system nodes.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Interactive login to service accounts should be blocked.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please see ABB\u0027s cybersecurity advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ],
          "url": "https://search-ext.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-8475",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected products are vulnerable to a denial-of-service attack, which may allow an attacker to successfully block license handling.CVE-2020-8475 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011",
          "CSAFPID-00012",
          "CSAFPID-00013",
          "CSAFPID-00014",
          "CSAFPID-00015",
          "CSAFPID-00016"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8475"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 5.1 Rev A (5.1.0.38)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 5.1 Rev E (5.1.0.99)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.0 (6.0.0.26)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.0.3.3 (6.0.03000.192)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.1 RU1 (6.1.00100.417)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "If ABB Central Licensing Server 5.1 (5.1.0.14) or earlier has been used on the currently used hardware, please contact ABB for further assistance.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Vulnerabilities pertaining to CVE-2020-8475 and CVE-2020-8476 will be corrected in future product versions. Updates will be added to this advisory once they become available.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Methods for preventing unauthorized access to nodes on the CLS network include but are not limited to usage of IPSec and by separating the Client Server Network from other networks with firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Ensure only authorized individuals have access to user accounts on the system nodes.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Interactive login to service accounts should be blocked.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please see ABB\u0027s cybersecurity advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ],
          "url": "https://search-ext.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-8476",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected products are vulnerable to elevation of privileges, which may allow an attacker to alter licenses assigned to system nodes. This could potentially lead to a situation where legitimate nodes in the system network are denied licenses.CVE-2020-8476 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011",
          "CSAFPID-00012",
          "CSAFPID-00013",
          "CSAFPID-00014",
          "CSAFPID-00015",
          "CSAFPID-00016"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8476"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 5.1 Rev A (5.1.0.38)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 5.1 Rev E (5.1.0.99)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.0 (6.0.0.26)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.0.3.3 (6.0.03000.192)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.1 RU1 (6.1.00100.417)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "If ABB Central Licensing Server 5.1 (5.1.0.14) or earlier has been used on the currently used hardware, please contact ABB for further assistance.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Vulnerabilities pertaining to CVE-2020-8475 and CVE-2020-8476 will be corrected in future product versions. Updates will be added to this advisory once they become available.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Methods for preventing unauthorized access to nodes on the CLS network include but are not limited to usage of IPSec and by separating the Client Server Network from other networks with firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Ensure only authorized individuals have access to user accounts on the system nodes.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Interactive login to service accounts should be blocked.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please see ABB\u0027s cybersecurity advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ],
          "url": "https://search-ext.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-8471",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected products are vulnerable to weak file permissions, which may allow an attacker to block license handling, escalate privileges, and execute arbitrary code.CVE-2020-8471 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011",
          "CSAFPID-00012",
          "CSAFPID-00013",
          "CSAFPID-00014",
          "CSAFPID-00015",
          "CSAFPID-00016"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8471"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 5.1 Rev A (5.1.0.38)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 5.1 Rev E (5.1.0.99)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.0 (6.0.0.26)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.0.3.3 (6.0.03000.192)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Upgrade ABB CLS to the following version: 6.1 RU1 (6.1.00100.417)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "If ABB Central Licensing Server 5.1 (5.1.0.14) or earlier has been used on the currently used hardware, please contact ABB for further assistance.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Methods for preventing unauthorized access to nodes on the CLS network include but are not limited to usage of IPSec and by separating the Client Server Network from other networks with firewalls.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Ensure only authorized individuals have access to user accounts on the system nodes.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "Interactive login to service accounts should be blocked.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please see ABB\u0027s cybersecurity advisory.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ],
          "url": "https://search-ext.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012",
            "CSAFPID-00013",
            "CSAFPID-00014",
            "CSAFPID-00015",
            "CSAFPID-00016"
          ]
        }
      ]
    }
  ]
}

cve-2020-8479

Vulnerability from cvelistv5

Published

2020-04-29 00:00

Modified

2024-08-04 10:03

Severity ?

9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Summary

ABB Central Licensing System - XML External Entity Injection

References

▼	URL	Tags
	https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch
	https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch
	https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309&LanguageCode=en&DocumentPartId=&Action=Launch

Impacted products

Vendor

Product

Version

▼

ABB

Central Licensing System

Version: 5.1 < 5*

ABB	ABB Ability System 800xA	Version: 5.1 Version: 6.0 Version: 6.1
ABB	Compact HMI	Version: 5.1 Version: 6.0
ABB	Control Builder Safe	Version: 1.0 Version: 1.1 Version: 2.0
ABB	Symphony Plus S+ Operations	Version: 3 <
ABB	Symphony Plus S+ Engineering	Version: 1.1 <
ABB	Composer Harmony	Version: 5.1 Version: 6.0 Version: 6.1
ABB	Composer Melody	Version: 5.3 Version: 6 <
ABB	Harmony OPC Server Standalone	Version: 6.0 Version: 6.1 Version: 7.0
ABB	Advant OCS Control Builder A	Version: 1.3 Version: 1.4
ABB	Composer CTK	Version: 6.1 Version: 6.2
ABB	AdvaBuild	Version: 3.7 SP1 Version: 3.7 SP2
ABB	OPC Server for Mod 300 (non-800xA)	Version: 1.4
ABB	OPC Data Link	Version: 2.1 Version: 2.2
ABB	Knowledge Manager	Version: 8.0 Version: 9.0 Version: 9.1
ABB	Manufacturing Operations Management	Version: 1812 Version: 1909
ABB	Advant OCS AC 100 OPS Server	Version: 5.1 Version: 6.0 Version: 6.1
ABB	ABB Ability™ SCADAvantage	Version: 5.1 < unspecified Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:44.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Central Licensing System",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "5*",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ABB Ability System 800xA",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        },
        {
          "product": "Compact HMI",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        },
        {
          "product": "Control Builder Safe",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "Symphony Plus S+ Operations",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.2",
              "status": "affected",
              "version": "3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Symphony Plus S+ Engineering ",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "2.2",
              "status": "affected",
              "version": "1.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Composer Harmony",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        },
        {
          "product": "Composer Melody ",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThanOrEqual": "6.3",
              "status": "affected",
              "version": "6",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Harmony OPC Server Standalone",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Advant OCS Control Builder A",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.3"
            },
            {
              "status": "affected",
              "version": "1.4"
            }
          ]
        },
        {
          "product": "Composer CTK",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "status": "affected",
              "version": "6.2"
            }
          ]
        },
        {
          "product": "AdvaBuild",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "3.7 SP1"
            },
            {
              "status": "affected",
              "version": "3.7 SP2"
            }
          ]
        },
        {
          "product": "OPC Server for Mod 300 (non-800xA)",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.4"
            }
          ]
        },
        {
          "product": "OPC Data Link",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            }
          ]
        },
        {
          "product": "Knowledge Manager",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.1"
            }
          ]
        },
        {
          "product": "Manufacturing Operations Management",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1812"
            },
            {
              "status": "affected",
              "version": "1909"
            }
          ]
        },
        {
          "product": "Advant  OCS AC 100 OPS Server",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        },
        {
          "product": "ABB  Ability\u2122 SCADAvantage",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.6.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5. an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-91",
              "description": "CWE-91 XML Injection (aka Blind XPath Injection)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-28T00:00:00",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        },
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        },
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ABB Central Licensing System - XML External Entity Injection",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2020-8479",
    "datePublished": "2020-04-29T00:00:00",
    "dateReserved": "2020-01-30T00:00:00",
    "dateUpdated": "2024-08-04T10:03:44.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8471

Vulnerability from cvelistv5

Published

2020-04-29 01:30

Modified

2024-08-04 10:03

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

ABB Central Licensing System - Weak File Permissions

References

▼	URL	Tags
	https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch	x_refsource_CONFIRM
	https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch	x_refsource_CONFIRM
	https://www.us-cert.gov/ics/advisories/icsa-20-154-04	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

ABB

Central Licensing System

Version: 5.1 < 5*

ABB	ABB Ability System 800xA	Version: 5.1 Version: 6.0 Version: 6.1
ABB	Compact HMI	Version: 5.1 Version: 6.0
ABB	Control Builder Safe	Version: 1.0 Version: 1.1 Version: 2.0
ABB	Symphony Plus S+ Operations	Version: 3 <
ABB	Symphony Plus S+ Engineering	Version: 1.1 <
ABB	Composer Harmony	Version: 5.1 Version: 6.0 Version: 6.1
ABB	Composer Melody	Version: 5.3 Version: 6 <
ABB	Harmony OPC Server Standalone	Version: 6.0 Version: 6.1 Version: 7.0
ABB	Advant OCS Control Builder A	Version: 1.3 Version: 1.4
ABB	Composer CTK	Version: 6.1 Version: 6.2
ABB	AdvaBuild	Version: 3.7 SP1 Version: 3.7 SP2
ABB	OPC Server for Mod 300 (non-800xA)	Version: 1.4
ABB	OPC Data Link	Version: 2.1 Version: 2.2
ABB	Knowledge Manager	Version: 8.0 Version: 9.0 Version: 9.1
ABB	Manufacturing Operations Management	Version: 1812 Version: 1909
ABB	Advant OCS AC 100 OPS Server	Version: 5.1 Version: 6.0 Version: 6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:44.886Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Central Licensing System",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "5*",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ABB Ability System 800xA",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        },
        {
          "product": "Compact HMI",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        },
        {
          "product": "Control Builder Safe",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "Symphony Plus S+ Operations",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.2",
              "status": "affected",
              "version": "3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Symphony Plus S+ Engineering ",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "2.2",
              "status": "affected",
              "version": "1.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Composer Harmony",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        },
        {
          "product": "Composer Melody ",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThanOrEqual": "6.3",
              "status": "affected",
              "version": "6",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Harmony OPC Server Standalone",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Advant OCS Control Builder A",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.3"
            },
            {
              "status": "affected",
              "version": "1.4"
            }
          ]
        },
        {
          "product": "Composer CTK",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "status": "affected",
              "version": "6.2"
            }
          ]
        },
        {
          "product": "AdvaBuild",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "3.7 SP1"
            },
            {
              "status": "affected",
              "version": "3.7 SP2"
            }
          ]
        },
        {
          "product": "OPC Server for Mod 300 (non-800xA)",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.4"
            }
          ]
        },
        {
          "product": "OPC Data Link",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            }
          ]
        },
        {
          "product": "Knowledge Manager",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.1"
            }
          ]
        },
        {
          "product": "Manufacturing Operations Management",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1812"
            },
            {
              "status": "affected",
              "version": "1909"
            }
          ]
        },
        {
          "product": "Advant  OCS AC 100 OPS Server",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-275",
              "description": "CWE-275 Permission Issues",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-09T16:16:51",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ABB Central Licensing System - Weak File Permissions",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@ch.abb.com",
          "ID": "CVE-2020-8471",
          "STATE": "PUBLIC",
          "TITLE": "ABB Central Licensing System - Weak File Permissions"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Central Licensing System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "5",
                            "version_value": "5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ABB Ability System 800xA",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Compact HMI",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Control Builder Safe",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "1.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Symphony Plus S+ Operations",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "3",
                            "version_value": "3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Symphony Plus S+ Engineering ",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.1",
                            "version_value": "2.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Composer Harmony",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Composer Melody ",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.3"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "6",
                            "version_value": "6.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Harmony OPC Server Standalone",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Advant OCS Control Builder A",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1.3"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Composer CTK",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "6.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "AdvaBuild",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "3.7 SP1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.7 SP2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OPC Server for Mod 300 (non-800xA)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OPC Data Link",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Knowledge Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "8.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Manufacturing Operations Management",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1812"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "1909"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Advant  OCS AC 100 OPS Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ABB"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-275 Permission Issues"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "CONFIRM",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "CONFIRM",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-04"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2020-8471",
    "datePublished": "2020-04-29T01:30:43",
    "dateReserved": "2020-01-30T00:00:00",
    "dateUpdated": "2024-08-04T10:03:44.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8476

Vulnerability from cvelistv5

Published

2020-04-29 00:00

Modified

2024-08-04 10:03

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

ABB Central Licensing System - Elevation of Privilege Vulnerability

References

▼	URL	Tags
	https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch
	https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch
	https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309&LanguageCode=en&DocumentPartId=&Action=Launch

Impacted products

Vendor

Product

Version

▼

ABB

Central Licensing System

Version: 5.1 < 5*

ABB	ABB Ability System 800xA	Version: 5.1 Version: 6.0 Version: 6.1
ABB	Compact HMI	Version: 5.1 Version: 6.0
ABB	Control Builder Safe	Version: 1.0 Version: 1.1 Version: 2.0
ABB	Symphony Plus S+ Operations	Version: 3 <
ABB	Symphony Plus S+ Engineering	Version: 1.1 <
ABB	Composer Harmony	Version: 5.1 Version: 6.0 Version: 6.1
ABB	Composer Melody	Version: 5.3 Version: 6 <
ABB	Harmony OPC Server Standalone	Version: 6.0 Version: 6.1 Version: 7.0
ABB	Advant OCS Control Builder A	Version: 1.3 Version: 1.4
ABB	Composer CTK	Version: 6.1 Version: 6.2
ABB	AdvaBuild	Version: 3.7 SP1 Version: 3.7 SP2
ABB	OPC Server for Mod 300 (non-800xA)	Version: 1.4
ABB	OPC Data Link	Version: 2.1 Version: 2.2
ABB	Knowledge Manager	Version: 8.0 Version: 9.0 Version: 9.1
ABB	Manufacturing Operations Management	Version: 1812 Version: 1909
ABB	Advant OCS AC 100 OPS Server	Version: 5.1 Version: 6.0 Version: 6.1
ABB	ABB Ability™ SCADAvantage	Version: 5.1 < unspecified Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:45.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Central Licensing System",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "5*",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ABB Ability System 800xA",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        },
        {
          "product": "Compact HMI",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        },
        {
          "product": "Control Builder Safe",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "Symphony Plus S+ Operations",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.2",
              "status": "affected",
              "version": "3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Symphony Plus S+ Engineering ",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "2.2",
              "status": "affected",
              "version": "1.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Composer Harmony",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        },
        {
          "product": "Composer Melody ",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThanOrEqual": "6.3",
              "status": "affected",
              "version": "6",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Harmony OPC Server Standalone",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Advant OCS Control Builder A",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.3"
            },
            {
              "status": "affected",
              "version": "1.4"
            }
          ]
        },
        {
          "product": "Composer CTK",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "status": "affected",
              "version": "6.2"
            }
          ]
        },
        {
          "product": "AdvaBuild",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "3.7 SP1"
            },
            {
              "status": "affected",
              "version": "3.7 SP2"
            }
          ]
        },
        {
          "product": "OPC Server for Mod 300 (non-800xA)",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.4"
            }
          ]
        },
        {
          "product": "OPC Data Link",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            }
          ]
        },
        {
          "product": "Knowledge Manager",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.1"
            }
          ]
        },
        {
          "product": "Manufacturing Operations Management",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1812"
            },
            {
              "status": "affected",
              "version": "1909"
            }
          ]
        },
        {
          "product": "Advant  OCS AC 100 OPS Server",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        },
        {
          "product": "ABB  Ability\u2122 SCADAvantage",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.6.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-28T00:00:00",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        },
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        },
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ABB Central Licensing System - Elevation of Privilege Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2020-8476",
    "datePublished": "2020-04-29T00:00:00",
    "dateReserved": "2020-01-30T00:00:00",
    "dateUpdated": "2024-08-04T10:03:45.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8475

Vulnerability from cvelistv5

Published

2020-04-29 00:00

Modified

2024-08-04 10:03

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

ABB Central Licensing System - Denial of Service Vulnerability

References

▼	URL	Tags
	https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch
	https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch
	https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309&LanguageCode=en&DocumentPartId=&Action=Launch

Impacted products

Vendor

Product

Version

▼

ABB

Central Licensing System

Version: 5.1 < 5*

ABB	ABB Ability System 800xA	Version: 5.1 Version: 6.0 Version: 6.1
ABB	Compact HMI	Version: 5.1 Version: 6.0
ABB	Control Builder Safe	Version: 1.0 Version: 1.1 Version: 2.0
ABB	Symphony Plus S+ Operations	Version: 3 <
ABB	Symphony Plus S+ Engineering	Version: 1.1 <
ABB	Composer Harmony	Version: 5.1 Version: 6.0 Version: 6.1
ABB	Composer Melody	Version: 5.3 Version: 6 <
ABB	Harmony OPC Server Standalone	Version: 6.0 Version: 6.1 Version: 7.0
ABB	Advant OCS Control Builder A	Version: 1.3 Version: 1.4
ABB	Composer CTK	Version: 6.1 Version: 6.2
ABB	AdvaBuild	Version: 3.7 SP1 Version: 3.7 SP2
ABB	OPC Server for Mod 300 (non-800xA)	Version: 1.4
ABB	OPC Data Link	Version: 2.1 Version: 2.2
ABB	Knowledge Manager	Version: 8.0 Version: 9.0 Version: 9.1
ABB	Manufacturing Operations Management	Version: 1812 Version: 1909
ABB	Advant OCS AC 100 OPS Server	Version: 5.1 Version: 6.0 Version: 6.1
ABB	ABB Ability™ SCADAvantage	Version: 5.1 < unspecified Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:44.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Central Licensing System",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "5*",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ABB Ability System 800xA",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        },
        {
          "product": "Compact HMI",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        },
        {
          "product": "Control Builder Safe",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "Symphony Plus S+ Operations",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.2",
              "status": "affected",
              "version": "3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Symphony Plus S+ Engineering ",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "2.2",
              "status": "affected",
              "version": "1.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Composer Harmony",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        },
        {
          "product": "Composer Melody ",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThanOrEqual": "6.3",
              "status": "affected",
              "version": "6",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Harmony OPC Server Standalone",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Advant OCS Control Builder A",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.3"
            },
            {
              "status": "affected",
              "version": "1.4"
            }
          ]
        },
        {
          "product": "Composer CTK",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "status": "affected",
              "version": "6.2"
            }
          ]
        },
        {
          "product": "AdvaBuild",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "3.7 SP1"
            },
            {
              "status": "affected",
              "version": "3.7 SP2"
            }
          ]
        },
        {
          "product": "OPC Server for Mod 300 (non-800xA)",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.4"
            }
          ]
        },
        {
          "product": "OPC Data Link",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            }
          ]
        },
        {
          "product": "Knowledge Manager",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.1"
            }
          ]
        },
        {
          "product": "Manufacturing Operations Management",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1812"
            },
            {
              "status": "affected",
              "version": "1909"
            }
          ]
        },
        {
          "product": "Advant  OCS AC 100 OPS Server",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        },
        {
          "product": "ABB  Ability\u2122 SCADAvantage",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.6.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "For the Central Licensing Server component used in ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-28T00:00:00",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        },
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        },
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ABB Central Licensing System - Denial of Service Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2020-8475",
    "datePublished": "2020-04-29T00:00:00",
    "dateReserved": "2020-01-30T00:00:00",
    "dateUpdated": "2024-08-04T10:03:44.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8481

Vulnerability from cvelistv5

Published

2020-04-29 01:30

Modified

2024-08-04 10:03

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

ABB Central Licensing System - Information disclosure

References

▼	URL	Tags
	https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch	x_refsource_CONFIRM
	https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

ABB

Central Licensing System

Version: 5.1 < 5*

ABB	ABB Ability System 800xA	Version: 5.1 Version: 6.0 Version: 6.1
ABB	Compact HMI	Version: 5.1 Version: 6.0
ABB	Control Builder Safe	Version: 1.0 Version: 1.1 Version: 2.0
ABB	Symphony Plus S+ Operations	Version: 3 <
ABB	Symphony Plus S+ Engineering	Version: 1.1 <
ABB	Composer Harmony	Version: 5.1 Version: 6.0 Version: 6.1
ABB	Composer Melody	Version: 5.3 Version: 6 <
ABB	Harmony OPC Server Standalone	Version: 6.0 Version: 6.1 Version: 7.0
ABB	Advant OCS Control Builder A	Version: 1.3 Version: 1.4
ABB	Composer CTK	Version: 6.1 Version: 6.2
ABB	AdvaBuild	Version: 3.7 SP1 Version: 3.7 SP2
ABB	OPC Server for Mod 300 (non-800xA)	Version: 1.4
ABB	OPC Data Link	Version: 2.1 Version: 2.2
ABB	Knowledge Manager	Version: 8.0 Version: 9.0 Version: 9.1
ABB	Manufacturing Operations Management	Version: 1812 Version: 1909
ABB	Advant OCS AC 100 OPS Server	Version: 5.1 Version: 6.0 Version: 6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:45.868Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Central Licensing System",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "5*",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ABB Ability System 800xA",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        },
        {
          "product": "Compact HMI",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            }
          ]
        },
        {
          "product": "Control Builder Safe",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "Symphony Plus S+ Operations",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "3.2",
              "status": "affected",
              "version": "3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Symphony Plus S+ Engineering ",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "2.2",
              "status": "affected",
              "version": "1.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Composer Harmony",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        },
        {
          "product": "Composer Melody ",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThanOrEqual": "6.3",
              "status": "affected",
              "version": "6",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Harmony OPC Server Standalone",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        },
        {
          "product": "Advant OCS Control Builder A",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.3"
            },
            {
              "status": "affected",
              "version": "1.4"
            }
          ]
        },
        {
          "product": "Composer CTK",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "status": "affected",
              "version": "6.2"
            }
          ]
        },
        {
          "product": "AdvaBuild",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "3.7 SP1"
            },
            {
              "status": "affected",
              "version": "3.7 SP2"
            }
          ]
        },
        {
          "product": "OPC Server for Mod 300 (non-800xA)",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1.4"
            }
          ]
        },
        {
          "product": "OPC Data Link",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            }
          ]
        },
        {
          "product": "Knowledge Manager",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.1"
            }
          ]
        },
        {
          "product": "Manufacturing Operations Management",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "1812"
            },
            {
              "status": "affected",
              "version": "1909"
            }
          ]
        },
        {
          "product": "Advant  OCS AC 100 OPS Server",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "For ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-29T01:30:56",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ABB Central Licensing System - Information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@ch.abb.com",
          "ID": "CVE-2020-8481",
          "STATE": "PUBLIC",
          "TITLE": "ABB Central Licensing System - Information disclosure"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Central Licensing System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "5",
                            "version_value": "5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ABB Ability System 800xA",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Compact HMI",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Control Builder Safe",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "1.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Symphony Plus S+ Operations",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "3",
                            "version_value": "3.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Symphony Plus S+ Engineering ",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.1",
                            "version_value": "2.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Composer Harmony",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Composer Melody ",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.3"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "6",
                            "version_value": "6.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Harmony OPC Server Standalone",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Advant OCS Control Builder A",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1.3"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Composer CTK",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "6.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "AdvaBuild",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "3.7 SP1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "3.7 SP2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OPC Server for Mod 300 (non-800xA)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OPC Data Link",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "2.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Knowledge Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "8.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "9.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Manufacturing Operations Management",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "1812"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "1909"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Advant  OCS AC 100 OPS Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "5.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ABB"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "For ABB products ABB Ability\u2122 System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability\u2122 System 800xA/ Advant\u00ae OCS Control Builder A 1.3 and 1.4, Advant\u00ae OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "CONFIRM",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            },
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "CONFIRM",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2020-8481",
    "datePublished": "2020-04-29T01:30:56",
    "dateReserved": "2020-01-30T00:00:00",
    "dateUpdated": "2024-08-04T10:03:45.868Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

icsa-20-154-04

Vulnerability from csaf_cisa

cve-2020-8479

Vulnerability from cvelistv5

cve-2020-8471

Vulnerability from cvelistv5

cve-2020-8476

Vulnerability from cvelistv5

cve-2020-8475

Vulnerability from cvelistv5

cve-2020-8481

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature