VAR-202004-2173
Vulnerability from variot - Updated: 2023-12-18 11:58Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. ABB System 800xA Information Manager Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA Base is a set of distributed control system for industrial control industry of Swiss ABB company.
ABB System 800xA Base has an authorization vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2173",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "system 800xa base",
"scope": null,
"trust": 1.4,
"vendor": "abb",
"version": null
},
{
"model": "800xa base system",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "6.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "800xa base system",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
},
{
"db": "IVD",
"id": "e72c0533-0499-4461-92e0-ebce5e995817"
},
{
"db": "CNVD",
"id": "CNVD-2020-25012"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004734"
},
{
"db": "NVD",
"id": "CVE-2020-8474"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:800xa_base_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8474"
}
]
},
"cve": "CVE-2020-8474",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-004734",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-25012",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e72c0533-0499-4461-92e0-ebce5e995817",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-186599",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004734",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8474",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cybersecurity@ch.abb.com",
"id": "CVE-2020-8474",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-004734",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-25012",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1905",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e72c0533-0499-4461-92e0-ebce5e995817",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186599",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
},
{
"db": "IVD",
"id": "e72c0533-0499-4461-92e0-ebce5e995817"
},
{
"db": "CNVD",
"id": "CNVD-2020-25012"
},
{
"db": "VULHUB",
"id": "VHN-186599"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004734"
},
{
"db": "NVD",
"id": "CVE-2020-8474"
},
{
"db": "NVD",
"id": "CVE-2020-8474"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1905"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. ABB System 800xA Information Manager Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB System 800xA Base is a set of distributed control system for industrial control industry of Swiss ABB company. \n\r\n\r\nABB System 800xA Base has an authorization vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8474"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004734"
},
{
"db": "CNVD",
"id": "CNVD-2020-25012"
},
{
"db": "IVD",
"id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
},
{
"db": "IVD",
"id": "e72c0533-0499-4461-92e0-ebce5e995817"
},
{
"db": "VULHUB",
"id": "VHN-186599"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8474",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-154-02",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1905",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2020-25012",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU94921886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004734",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.1922",
"trust": 0.6
},
{
"db": "IVD",
"id": "CBC79F2C-47B2-40AB-ABF7-0014B91B5ECA",
"trust": 0.2
},
{
"db": "IVD",
"id": "E72C0533-0499-4461-92E0-EBCE5E995817",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-186599",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
},
{
"db": "IVD",
"id": "e72c0533-0499-4461-92e0-ebce5e995817"
},
{
"db": "CNVD",
"id": "CNVD-2020-25012"
},
{
"db": "VULHUB",
"id": "VHN-186599"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004734"
},
{
"db": "NVD",
"id": "CVE-2020-8474"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1905"
}
]
},
"id": "VAR-202004-2173",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
},
{
"db": "IVD",
"id": "e72c0533-0499-4461-92e0-ebce5e995817"
},
{
"db": "CNVD",
"id": "CNVD-2020-25012"
},
{
"db": "VULHUB",
"id": "VHN-186599"
}
],
"trust": 1.7666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
},
{
"db": "IVD",
"id": "e72c0533-0499-4461-92e0-ebce5e995817"
},
{
"db": "CNVD",
"id": "CNVD-2020-25012"
}
]
},
"last_update_date": "2023-12-18T11:58:27.599000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY System 800xA Weak Registry Permissions",
"trust": 0.8,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121221\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"title": "Patch for ABB System 800xA Base authorization issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/215501"
},
{
"title": "ABB System 800xA Base Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117005"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25012"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004734"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1905"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186599"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004734"
},
{
"db": "NVD",
"id": "CVE-2020-8474"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8474"
},
{
"trust": 1.6,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121221\u0026languagecode=en\u0026documentpartid=\u0026action=launch"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-154-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8474"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94921886/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1922/"
},
{
"trust": 0.1,
"url": "https://search.abb.com/library/download.aspx?documentid=2paa121221\u0026amp;languagecode=en\u0026amp;documentpartid=\u0026amp;action=launch"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25012"
},
{
"db": "VULHUB",
"id": "VHN-186599"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004734"
},
{
"db": "NVD",
"id": "CVE-2020-8474"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1905"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
},
{
"db": "IVD",
"id": "e72c0533-0499-4461-92e0-ebce5e995817"
},
{
"db": "CNVD",
"id": "CNVD-2020-25012"
},
{
"db": "VULHUB",
"id": "VHN-186599"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004734"
},
{
"db": "NVD",
"id": "CVE-2020-8474"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1905"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-22T00:00:00",
"db": "IVD",
"id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
},
{
"date": "2020-04-22T00:00:00",
"db": "IVD",
"id": "e72c0533-0499-4461-92e0-ebce5e995817"
},
{
"date": "2020-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25012"
},
{
"date": "2020-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-186599"
},
{
"date": "2020-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004734"
},
{
"date": "2020-04-22T15:15:14.643000",
"db": "NVD",
"id": "CVE-2020-8474"
},
{
"date": "2020-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1905"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25012"
},
{
"date": "2020-04-30T00:00:00",
"db": "VULHUB",
"id": "VHN-186599"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004734"
},
{
"date": "2020-04-30T20:11:57.710000",
"db": "NVD",
"id": "CVE-2020-8474"
},
{
"date": "2020-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1905"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1905"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB System 800xA Base Authorization Issue Vulnerability",
"sources": [
{
"db": "IVD",
"id": "cbc79f2c-47b2-40ab-abf7-0014b91b5eca"
},
{
"db": "IVD",
"id": "e72c0533-0499-4461-92e0-ebce5e995817"
},
{
"db": "CNVD",
"id": "CNVD-2020-25012"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1905"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…