Main Vulnerability Database Vulnerabilities #VU27364

#VU27364 Information disclosure in ABB Central Licensing System (CLS) - CVE-2020-8481

Published: April 27, 2020 / Updated: June 3, 2020

Vulnerability identifier: #VU27364

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-8481

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
ABB Central Licensing System (CLS)

Software vendor:
ABB

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to and error in the Central Licensing System. A local user can gain unauthorized access to sensitive material within log files, which could be used to obtain full administrative control of the host.

This vulnerability affects the following ABB CLS products:

ABB Ability System 800xA and related system extensions: Versions 5.1, 6.0, 6.1
Compact HMI: Versions 5.1, 6.0
Control Builder Safe: Versions 1.0, 1.1, 2.0
ABB Ability Symphony Plus – S+ Operations: Versions 3.0 to 3.2
ABB Ability Symphony Plus – S+ Engineering: Versions 1.1 to 2.2
Composer Harmony: Versions 5.1, 6.0, 6.1
Composer Melody (incl. SPE for Melody 1.0 SPx): Versions 5.3, 6.1, 6.2, 6.3
Harmony OPC Server (HAOPC): Standalone Versions 6.0, 6.1, 7.0
ABB Ability System 800xA / Advant OCS Control Builder A: Versions 1.3, 1.4
Advant OCS AC 100 OPC Server: Versions 5.1, 6.0, 6.1
Composer CTK: Versions 6.1, 6.2
AdvaBuild: Versions 3.7 SP1, 3.7 SP2
OPC Server MOD 300 (non-800xA): Version 1.4
OPC Data Link: Versions 2.1, 2.2
ABB Ability Knowledge Manager: Versions 8.0, 9.0, 9.1
ABB Ability Manufacturing Operations Management: Versions 1812, 1909

Remediation

Install updates from vendor's website.

#VU27364 Information disclosure in ABB Central Licensing System (CLS) - CVE-2020-8481

Description

Remediation

External links

Please verify you're human