CVE-2020-8471

CWE-275 CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 83.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB Central Licensing System ABB Composer Melody ABB Symphony Plus S+ Engineering +15 more

Timeline

PublishedApr 29

Latest updateMay 24

Description

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® O…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages20 packages

▶CVEListV5abb/harmony_opc_server_standalone6.0, 6.1, 7.0+2

▶CVEListV5abb/opc_server_for_mod_300_(non-800xa)1.4

▶CVEListV5abb/composer_melody6 — 6.3+1

▶CVEListV5abb/symphony_plus_s+_operations3 — 3.2

▶NVDabb/800xa_system5.1

🔴Vulnerability Details

GHSA

GHSA-wwxr-688j-6wxx: For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5↗2022-05-24

▶

CVEList

ABB Central Licensing System - Weak File Permissions↗2020-04-29

▶