CVE-2020-11640Improper Privilege Management in Advabuild

CWE-269Improper Privilege Management3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 35.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ABB AdvabuildABB Advant MOD 300 Advabuild
Timeline
PublishedJul 23

Description

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5abb/advant_mod_300_advabuild3.03.7 SP2
NVDabb/advabuild3.03.7+1

🔴Vulnerability Details

2
GHSA
GHSA-6mjp-g2rf-hh5w: AdvaBuild uses a command queue to launch certain operations2024-07-23
CVEList
Elevation of Privilege2024-07-23
CVE-2020-11640 — Improper Privilege Management in ABB | cvebase