Vulnerability identifier: #VU61403
Vulnerability risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-250
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
OPC Server for AC 800M
Other software /
Other software solutions
Control Builder Safe
800xA Control Software for AC 800M
Compact Product Suite - Control and I/O
Vendor: ABB
Description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists because the application binary has the setuid bit set. A remote user on the local network can run the affected binary and execute arbitrary code on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
OPC Server for AC 800M: 5.1.0-0 - 6.0.0-3
Control Builder Safe: 1.0 - 2.0
800xA Control Software for AC 800M: All versions
Compact Product Suite - Control and I/O: All versions
External links
http://search.abb.com/library/Download.aspx?DocumentID=7PAA000908&LanguageCode=en&DocumentPartId=&Action=Launch
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.