CVE-2020-8472

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 92.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
ABB Base SoftwareABB Control Builder MABB MMS Server+5 more
Timeline
PublishedApr 29
Latest updateMay 24

Description

Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploited the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user appl

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

CVEListV5abb/base_software_for_softcontrol6.1 and earlier
CVEListV5abb/mms_server_for_ac_800m6.1 and earlier
CVEListV5abb/opc_server_for_ac_800m6.0 and earlier
CVEListV5abb/control_builder_m_professional6.1 and earlier

🔴Vulnerability Details

2
GHSA
GHSA-8mqc-2jhr-7v56: Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 62022-05-24
CVEList
ABB System 800xA Weak File Permissions - different products2020-04-28
CVE-2020-8472 (HIGH CVSS 7.8) | Insufficient folder permissions use | cvebase.io