CVE-2020-8477

Summary

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code.

Affected Software

VendorProductVersion RangeStatus
ABBSystem 800xA Information Manager5 <= 5.1affected
ABBSystem 800xA Information Manager6.0 <= 6.0.3.2affected
ABBSystem 800xA Information Manager6.1 < 6.1*affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)
  • CWE-489: CWE-489 Leftover Debug Code

ADP Enrichment

CVE Program Container

Additional References

References