CVE-2020-8477

Published: Apr 22, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code.

Affected (3)

Products: Abb: 800xa Information Manager

1 product

800xa Information Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Abb 800xa Information Manager	From 6.0.0 to 6.0.3.2
Abb 800xa Information Manager	Version 5.1
Abb 800xa Information Manager	Version 6.1

Related CWEs

Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch

Source: cybersecurity@ch.abb.com

Vendor Advisory

https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.