Vulnerability Description
An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing the product to store wrong information or act on wrong data or display wrong information. This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. For an attack to be successful, the attacker must have local access to a node in the system and be able to start a specially crafted application that disrupts the communication. An attacker who successfully exploited the vulnerability would be able to manipulate the data in such way as allowing reads and writes to the controllers or cause Windows processes in 800xA for MOD 300 and AdvaBuild to crash.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Abb | Advabuild | >= 3.0, < 3.7 |
Related Weaknesses (CWE)
References
- https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=Vendor Advisory
- https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=Vendor Advisory
FAQ
What is CVE-2020-11639?
CVE-2020-11639 is a vulnerability with a CVSS score of 7.8 (HIGH). An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or c...
How severe is CVE-2020-11639?
CVE-2020-11639 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11639?
Check the references section above for vendor advisories and patch information. Affected products include: Abb Advabuild.