CVE-2020-8478

CWE-264CWE-743 documents3 sources
Severity
3.3LOW
EPSS
0.1%
top 84.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ABB Base Software FOR SoftcontrolABB MMS Server FOR AC 800mABB OPC Server FOR AC 800m
Timeline
PublishedApr 29
Latest updateMay 24

Description

Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages3 packages

CVEListV5abb/mms_server_for_ac_800mall versions
CVEListV5abb/opc_server_for_ac_800mall versions
CVEListV5abb/base_software_for_softcontrolall versions

🔴Vulnerability Details

2
GHSA
GHSA-hjpp-qfqw-hpvq: Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and B2022-05-24
CVEList
ABB System 800xA Inter process communication vulnerability2020-04-29
CVE-2020-8478 (LOW CVSS 3.3) | Insufficient protection of the inte | cvebase.io