CVE-2020-8475

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGH

EPSS

0.2%

top 54.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ABB ABB Ability™ Scadavantage ABB Central Licensing System ABB Composer Melody +16 more

Timeline

PublishedApr 29

Latest updateMay 24

Description

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® O…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages21 packages

▶CVEListV5abb/harmony_opc_server_standalone6.0, 6.1, 7.0+2

▶CVEListV5abb/opc_server_for_mod_300_(non-800xa)1.4

▶CVEListV5abb/composer_melody6 — 6.3+1

▶CVEListV5abb/symphony_plus_s+_operations3 — 3.2

▶NVDabb/800xa_system6 versions+5

🔴Vulnerability Details

GHSA

GHSA-wfh9-g9j2-x793: For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5↗2022-05-24

▶

CVEList

ABB Central Licensing System - Denial of Service Vulnerability↗2020-04-29

▶