CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8487 – ABB System 800xA Inter process communication vulnerability - System 800xA Base
https://notcve.org/view.php?id=CVE-2020-8487
29 Apr 2020 — Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling. Una protección insuficiente de las funciones de comunicación entre procesos en ABB System 800xA Base (todas las versiones publicadas), permite a un atacante autenticado en el sistema local inyectar datos, afectando al manejo de la redundancia de nodos. • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8481 – ABB Central Licensing System - Information disclosure
https://notcve.org/view.php?id=CVE-2020-8481
29 Apr 2020 — For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Ser... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-8471 – ABB Central Licensing System - Weak File Permissions
https://notcve.org/view.php?id=CVE-2020-8471
29 Apr 2020 — For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control B... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-275: Permission Issues CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2020-8475 – ABB Central Licensing System - Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-8475
29 Apr 2020 — For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control B... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2020-8476 – ABB Central Licensing System - Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-8476
29 Apr 2020 — For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control B... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2020-8479 – ABB Central Licensing System - XML External Entity Injection
https://notcve.org/view.php?id=CVE-2020-8479
29 Apr 2020 — For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control B... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8473 – ABB System 800xA Weak File Permissions - ABB System 800xA Base
https://notcve.org/view.php?id=CVE-2020-8473
28 Apr 2020 — Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploit the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications. Los permisos de carpeta insuficientes usados por las funciones del sistema en ABB System 800xA Base (versiones 6.1 y anteriores), permiten a usu... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8474 – ABB System 800xA Weak Registry Permissions
https://notcve.org/view.php?id=CVE-2020-8474
22 Apr 2020 — Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. Permisos de Registro débiles en ABB System 800xA Base, permiten a usuarios poco privilegiado leer y modificar la configuración del registro relacionada con una funcionalidad del sistema de control, lo que permite a un atacante autenticado causar que las funciones del sis... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121221&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-269: Improper Privilege Management CWE-275: Permission Issues •