First published: Tue Apr 28 2020
Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploited the vulnerabilities could escalate his/her privileges, cause system functions to stop, and corrupt user applications.
Credit: cybersecurity@ch.abb.com
Affected Software | Affected Version | How to fix |
---|---|---|
ABB Control Builder M | <=6.1 | |
ABB MMS Server | <=6.1 | |
ABB OPC Server | <=6.0 | |
ABB AC800M | | |
ABB Base Software | <=6.1 | |
The vulnerability ID for this issue is CVE-2020-8472.
The severity of CVE-2020-8472 is high, with a score of 7.8.
ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) are affected.
This vulnerability allows low privileged users to read, modify, add, and delete files on the affected systems.
ABB has provided a security advisory with detailed instructions on how to mitigate this vulnerability. Please refer to the ABB security advisory for CVE-2020-8472 for the necessary steps.