Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-8478— ABB System 800xA Inter process communication vulnerability

CVSS 5.3 · Medium EPSS 0.05% · P16
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-8478

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
ABB System 800xA Inter process communication vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
权限、特权和访问控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
ABB Ability System 800xA 注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ABB Ability System 800xA是瑞士ABB公司的一套用于工控行业的分布式控制系统。 ABB System 800xA(所有版本)中存在注入漏洞。本地攻击者可利用该漏洞注入数据,影响Control Builder中显示的运行时数据视图。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
ABBOPC Server for AC 800M all versions -
ABBMMS Server for AC 800M all versions -
ABBBase Software for SoftControl all versions -

II. Public POCs for CVE-2020-8478

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-8478

登录查看更多情报信息。

Same Patch Batch · ABB · 2020-04-29 · 13 CVEs total

CVE-2020-84819.8 CRITICALABB Central Licensing System - Information disclosure
CVE-2020-84799.4 CRITICALABB Central Licensing System - XML External Entity Injection
CVE-2020-84897.8 HIGHABB System 800xA Inter process communication vulnerability - 800xA Information Management
CVE-2020-84887.8 HIGHABB System 800xA Inter process communication vulnerability - 800xA Batch Management
CVE-2020-84857.8 HIGHABB System 800xA Inter process communication vulnerability - 800xA for Mod 300
CVE-2020-84847.8 HIGHABB System 800xA Inter process communication vulnerability - 800xA for DCI
CVE-2020-84717.8 HIGHABB Central Licensing System - Weak File Permissions
CVE-2020-84876.6 MEDIUMABB System 800xA Inter process communication vulnerability - System 800xA Base
CVE-2020-84866.6 MEDIUMABB System 800xA Inter process communication vulnerability - 800xA RNRP
CVE-2020-84755.3 MEDIUMABB Central Licensing System - Denial of Service Vulnerability
CVE-2020-84765.3 MEDIUMABB Central Licensing System - Elevation of Privilege Vulnerability
CVE-2019-5620ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function

IV. Related Vulnerabilities

Same product: OPC Server for AC 800M
Same vendor: ABB
Same weakness: CWE-264

V. Comments for CVE-2020-8478

No comments yet

Leave a comment