CVE-2020-11639
July 23, 2024, 6:15 p.m.
Tags
CVSS Score
Product(s) Impacted
Advant MOD 300 AdvaBuild
- 3.0
- 3.1
- 3.2
- 3.3
- 3.4
- 3.5
- 3.6
- 3.7 SP2
Description
An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing the product to store wrong information or act on wrong data or display wrong information. This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. For an attack to be successful, the attacker must have local access to a node in the system and be able to start a specially crafted application that disrupts the communication. An attacker who successfully exploited the vulnerability would be able to manipulate the data in such way as allowing reads and writes to the controllers or cause Windows processes in 800xA for MOD 300 and AdvaBuild to crash.
Weaknesses
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.
CWE ID: 924Date
Published: July 23, 2024, 6:15 p.m.
Last Modified: July 23, 2024, 6:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cybersecurity@ch.abb.com
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
Exploitability Score
Impact Score
Base Severity
HIGHCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H