CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11640 – Elevation of Privilege
https://notcve.org/view.php?id=CVE-2020-11640
23 Jul 2024 — AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. AdvaBuild utiliza una cola de comandos para iniciar determinadas operaciones. • https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11639 – Insufficient access control on Inter process communication,
https://notcve.org/view.php?id=CVE-2020-11639
23 Jul 2024 — An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing the product to store wrong information or act on wrong data or display wrong information. This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7... • https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177 • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •