CVE-2020-8471

Summary

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
ABBCentral Licensing System5.1 < 5*affected
ABBABB Ability System 800xA5.1affected
ABBABB Ability System 800xA6.0affected
ABBABB Ability System 800xA6.1affected
ABBCompact HMI5.1affected
ABBCompact HMI6.0affected
ABBControl Builder Safe1.0affected
ABBControl Builder Safe1.1affected
ABBControl Builder Safe2.0affected
ABBSymphony Plus S+ Operations3 <= 3.2affected
ABBSymphony Plus S+ Engineering1.1 <= 2.2affected
ABBComposer Harmony5.1affected
ABBComposer Harmony6.0affected
ABBComposer Harmony6.1affected
ABBComposer Melody5.3affected
ABBComposer Melody6 <= 6.3affected
ABBHarmony OPC Server Standalone6.0affected
ABBHarmony OPC Server Standalone6.1affected
ABBHarmony OPC Server Standalone7.0affected
ABBAdvant OCS Control Builder A1.3affected
ABBAdvant OCS Control Builder A1.4affected
ABBComposer CTK6.1affected
ABBComposer CTK6.2affected
ABBAdvaBuild3.7 SP1affected
ABBAdvaBuild3.7 SP2affected
ABBOPC Server for Mod 300 (non-800xA)1.4affected
ABBOPC Data Link2.1affected
ABBOPC Data Link2.2affected
ABBKnowledge Manager8.0affected
ABBKnowledge Manager9.0affected
ABBKnowledge Manager9.1affected
ABBManufacturing Operations Management1812affected
ABBManufacturing Operations Management1909affected
ABBAdvant OCS AC 100 OPS Server5.1affected
ABBAdvant OCS AC 100 OPS Server6.0affected
ABBAdvant OCS AC 100 OPS Server6.1affected

Weaknesses

  • CWE-275: CWE-275 Permission Issues

ADP Enrichment

CVE Program Container

Additional References

References