MEDIUM🇵🇱 Wersja polska

CVE-2020-8472

CVSS 5.5v3.1pub. 2020-04-29upd. 2024-11-21

Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploited the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Abb Ac800m

    HW
    Abb
    wszystkie wersje
  • Abb Base Software

    APP
    Abb
    ≤ 6.1
  • Abb Control Builder M

    APP
    Abb
    ≤ 6.1
  • Abb Mms Server

    APP
    Abb
    ≤ 6.1
  • Abb Opc Server

    APP
    Abb
    ≤ 6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-24672CRITICAL9.8ten sam produkt

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a comp...

CVE-2021-22277HIGH7.5ten sam produkt

Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Comp...

CVE-2020-8478MEDIUM5.3ten sam produkt

Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server f...

CVE-2024-51547CRITICAL9.3PL ✓ten sam vendor

Zakodowane na stałe dane uwierzytelniające w urządzeniach ABB ASPECT/NEXUS/MATRIX

CVE-2024-11317CRITICAL9.3PL ✓ten sam vendor

Session Fixation w ABB ASPECT i NEXUS/MATRIX Series — przejęcie sesji użytkownika