#VU27358 Permissions, Privileges, and Access Controls in ABB Other software
Vulnerability identifier: #VU27358
Vulnerability risk: Low
CVSSv3.1:
CVE-ID:
CWE-ID:
Exploitation vector: Local
Exploit availability:
Vulnerable software:
OPC Server for AC 800M
Other software /
Other software solutions
Control Builder M Professional
Other software /
Other software solutions
MMS Server for AC 800M
Other software /
Other software solutions
Base Software for SoftControl
Other software /
Other software solutions
Vendor: ABB
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to weak file permissions. A local user can modify the system-wide configuration and gain elevated privileges on the target system, or generate denialof-service effects through file deletion or modification.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
OPC Server for AC 800M: 6.0
Control Builder M Professional: 6.1
MMS Server for AC 800M: 6.1
Base Software for SoftControl: 6.1
Fixed software versions
CPE
External links
http://applied-risk.com/assets/uploads/whitepapers/AR2020002-ABB-800xA-MultipleVulnerabilities.pdf
http://search.abb.com/library/Download.aspx?DocumentID=2PAA121106&LanguageCode=en&DocumentPartId=&Action=Launch
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
