CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8477 – ABB System 800xA Information Manager Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-8477
The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code. Las instalaciones de ABB System 800xA Information Manager versiones 5.1, versiones 6.0 hasta 6.0.3.2 y versión 6.1, contienen incorrectamente un componente auxiliar. Un atacante puede usar esto para un ataque de tipo XSS hacia un usuario local autenticado, lo que podría conllevar a una ejecución de código arbitrario. • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-489: Active Debug Code •