CVE-2020-8475

EUVD-2020-29341
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
ABBCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
abb800xa_system
5.1
abb800xa_system
5.1:feature_pack_4
abb800xa_system
5.1:feature_pack_4_revision_d
abb800xa_system
5.1:revision_a
abb800xa_system
5.1:revision_b
abb800xa_system
5.1:revision_c
abb800xa_system
5.1:revision_d
abb800xa_system
5.1:revision_e
abb800xa_system
5.1:revision_e_feature_pack_4
abb800xa_system
6.0
abb800xa_system
6.0.1
abb800xa_system
6.0.3
abb800xa_system
6.0.3.3
abb800xa_system
6.1
abbcompact_hmi
5.1
abbcompact_hmi
5.1:feature_pack_4_revision_d
abbcompact_hmi
5.1:revision_b
abbcompact_hmi
5.1:revision_d
abbcompact_hmi
6.0.1-1
abbcompact_hmi
6.0.3-2
abbcontrol_builder_safe
1.0
abbcontrol_builder_safe
1.1
abbcontrol_builder_safe
2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch
https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309&LanguageCode=en&DocumentPartId=&Action=Launch
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch
https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309&LanguageCode=en&DocumentPartId=&Action=Launch