#VU27358 Permissions, Privileges, and Access Controls in ABB Other software

Published: 2020-04-27 | Updated: 2020-06-03

Vulnerability identifier: #VU27358

Vulnerability risk: Low


CVE-ID: CVE-2020-8472


Exploitation vector: Local

Exploit availability:

Vulnerable software:
OPC Server for AC 800M
Other software / Other software solutions
Control Builder M Professional
Other software / Other software solutions
MMS Server for AC 800M
Other software / Other software solutions
Base Software for SoftControl
Other software / Other software solutions

Vendor: ABB


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to weak file permissions. A local user can modify the system-wide configuration and gain elevated privileges on the target system, or generate denialof-service effects through file deletion or modification.

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

OPC Server for AC 800M: 6.0

Control Builder M Professional: 6.1

MMS Server for AC 800M: 6.1

Base Software for SoftControl: 6.1

Fixed software versions


External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability