{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2020-11639","assignerOrgId":"2b718523-d88f-4f37-9bbd-300c20644bf9","state":"PUBLISHED","assignerShortName":"ABB","dateReserved":"2020-04-08T00:00:00.000Z","datePublished":"2024-07-23T17:26:55.489Z","dateUpdated":"2024-08-04T11:35:13.593Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Advant MOD 300 AdvaBuild","vendor":"ABB","versions":[{"lessThanOrEqual":"3.7 SP2","status":"affected","version":"3.0","versionType":"update"}]}],"datePublic":"2024-07-22T17:20:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nAn attacker could exploit the vulnerability by\ninjecting garbage data or specially crafted data. Depending on the data injected each process might be\naffected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing\nthe product to store wrong information or act on wrong data or display wrong information.\n\n<br><p>This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.</p><p><br>\n\nFor an attack to be successful, the attacker must have local access to a node in the system and be able to\nstart a specially crafted application that disrupts the communication.\nAn attacker who successfully exploited the vulnerability would be able to manipulate the data in such\nway as allowing reads and writes to the controllers or cause Windows processes in 800xA for MOD 300\nand AdvaBuild to crash.\n\n\n<br></p>"}],"value":"An attacker could exploit the vulnerability by\ninjecting garbage data or specially crafted data. Depending on the data injected each process might be\naffected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing\nthe product to store wrong information or act on wrong data or display wrong information.\n\n\nThis issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.\n\n\n\n\nFor an attack to be successful, the attacker must have local access to a node in the system and be able to\nstart a specially crafted application that disrupts the communication.\nAn attacker who successfully exploited the vulnerability would be able to manipulate the data in such\nway as allowing reads and writes to the controllers or cause Windows processes in 800xA for MOD 300\nand AdvaBuild to crash."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-924","description":"CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"2b718523-d88f-4f37-9bbd-300c20644bf9","shortName":"ABB","dateUpdated":"2024-07-23T17:26:55.489Z"},"references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nABB recommends changing any user account passwords which are suspected to be known by an unauthorized person. Interactive logon (both local and remote) is recommended to be disabled for service\naccounts.\n\n<br>\n\nPlease note that the vulnerability can only be exploited by authenticated users, so customers are recommended to ensure that only authorized persons have access to user accounts for the computers where\nAdvaBuild is used.\n<br><br>All the vulnerabilities have been corrected in AdvaBuild version 3.7 SP3 released in April 2021.\n<br><br>ABB recommends that customers apply the update at earliest convenience. Users who are unable to install the update should immediately look to implement the “Mitigating factors” listed below as this will\nrestrict or prevent an attacker’s ability to compromise the system.\n\n<br>"}],"value":"ABB recommends changing any user account passwords which are suspected to be known by an unauthorized person. Interactive logon (both local and remote) is recommended to be disabled for service\naccounts.\n\n\n\n\nPlease note that the vulnerability can only be exploited by authenticated users, so customers are recommended to ensure that only authorized persons have access to user accounts for the computers where\nAdvaBuild is used.\n\n\nAll the vulnerabilities have been corrected in AdvaBuild version 3.7 SP3 released in April 2021.\n\n\nABB recommends that customers apply the update at earliest convenience. Users who are unable to install the update should immediately look to implement the “Mitigating factors” listed below as this will\nrestrict or prevent an attacker’s ability to compromise the system."}],"source":{"discovery":"UNKNOWN"},"title":"Insufficient access control on Inter process communication,","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"abb","product":"advabuild","cpes":["cpe:2.3:a:abb:advabuild:3.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.0","status":"affected","lessThanOrEqual":"3.7_sp2","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-23T19:03:27.748360Z","id":"CVE-2020-11639","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-23T19:10:57.887Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T11:35:13.593Z"},"title":"CVE Program Container","references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177","tags":["x_transferred"]}]}]}}