CVE-2020-8481— 多款ABB产品信息泄露漏洞

ABB Central Licensing System - Information disclosure

For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

信息暴露

多款ABB产品信息泄露漏洞

ABB Ability System 800xA等都是瑞士ABB公司的产品。ABB Ability System 800xA是一套用于工控行业的分布式控制系统。ABB Compact HMI是一套监控和数据采集系统。ABB Control Builder Safe是一款用于配置和下载AC 800M High Integrity安全应用程序的工程工具。 多款ABB产品中存在信息泄露漏洞，该漏洞源于程序将敏感信息写入到未被保护的文件。攻击者可利用该漏洞完全控制设备。以下产品及受到影响：ABB Ability

N/A

N/A