CVE-2020-24672 — Insufficient Verification of Data Authenticity in Base Software FOR Softcontrol

CWE-345 — Insufficient Verification of Data Authenticity CWE-862 — Missing Authorization CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 64.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Base Software FOR Softcontrol ABB Base Software

Timeline

PublishedSep 8

Latest updateMay 24

Description

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5abb/base_software_for_softcontrol6.1 — 6.1

▶NVDabb/base_software6.1

🔴Vulnerability Details

GHSA

GHSA-j797-3649-cx2v: A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product↗2022-05-24

▶

CVEList

ABB Base Software for SoftControl Remote Code Execution vulnerability↗2021-09-08

▶