Vulnerability Description
Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploited the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Abb | Control Builder M | <= 6.1 |
| Abb | Mms Server | <= 6.1 |
| Abb | Opc Server | <= 6.0 |
| Abb | Ac800M | - |
| Abb | Base Software | <= 6.1 |
Related Weaknesses (CWE)
References
- https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106&LanguageCode=Vendor Advisory
- https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106&LanguageCode=Vendor Advisory
FAQ
What is CVE-2020-8472?
CVE-2020-8472 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Sof...
How severe is CVE-2020-8472?
CVE-2020-8472 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8472?
Check the references section above for vendor advisories and patch information. Affected products include: Abb Control Builder M, Abb Mms Server, Abb Opc Server, Abb Ac800M, Abb Base Software.