CVE-2020-8477
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ABB | System 800xA Information Manager | 5 <= 5.1 | affected |
| ABB | System 800xA Information Manager | 6.0 <= 6.0.3.2 | affected |
| ABB | System 800xA Information Manager | 6.1 < 6.1* | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
- CWE-489: CWE-489 Leftover Debug Code
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.