CVE-2020-11639Improper Enforcement of Message Integrity During Transmission in a Communication Channel in Advabuild

CWE-924Improper Enforcement of Message Integrity During Transmission in a Communication ChannelCWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 65.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ABB AdvabuildABB Advant MOD 300 Advabuild
Timeline
PublishedJul 23

Description

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing the product to store wrong information or act on wrong data or display wrong information. This issue affects Advant MOD 300 AdvaBuild: from 3

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5abb/advant_mod_300_advabuild3.03.7 SP2
NVDabb/advabuild3.03.7+1

🔴Vulnerability Details

2
GHSA
GHSA-c2jh-qjfq-m6h4: An attacker could exploit the vulnerability by injecting garbage data or specially crafted data2024-07-23
CVEList
Insufficient access control on Inter process communication,2024-07-23

📋Vendor Advisories

1
Juniper
CVE-2020-1668: On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead2020-10-16