nvd-json-data-feeds/CVE-2020/CVE-2020-84xx/CVE-2020-8478.json

{
  "id": "CVE-2020-8478",
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "published": "2020-04-29T02:15:11.763",
  "lastModified": "2020-05-13T18:48:00.137",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder."
    },
    {
      "lang": "es",
      "value": "Una protecci\u00f3n insuficiente de las funciones de comunicaci\u00f3n entre procesos en los productos OPC Server para AC 800M, MMS Server para AC 800M y Base Software para SoftControl (todas las versiones publicadas) de ABB System 800xA, permite a un atacante autenticado en el sistema local inyectar datos, afectando la visualizaci\u00f3n en l\u00ednea de los datos del tiempo de ejecuci\u00f3n que se muestran en Control Builder."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4
      },
      {
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.1
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ]
    },
    {
      "source": "cybersecurity@ch.abb.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:abb:mms_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "296927D5-AF68-488F-A606-818ACD253B75"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:abb:opc_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9BF1B4E-225B-4A2C-A5EB-996A6CCA1F79"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:abb:ac800m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18F5825D-A99A-4109-A08F-114C7D6D3FC3"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:abb:base_software:*:*:*:*:*:softcontrol:*:*",
              "matchCriteriaId": "D30E09D7-4C4D-459F-95DC-3B9FA341E5A4"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch",
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}