{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-8476","assignerOrgId":"2b718523-d88f-4f37-9bbd-300c20644bf9","assignerShortName":"ABB","dateUpdated":"2024-08-04T10:03:45.851Z","dateReserved":"2020-01-30T00:00:00.000Z","datePublished":"2020-04-29T00:00:00.000Z"},"containers":{"cna":{"title":"ABB Central Licensing System - Elevation of Privilege Vulnerability","providerMetadata":{"orgId":"2b718523-d88f-4f37-9bbd-300c20644bf9","shortName":"ABB","dateUpdated":"2022-10-28T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB Ability™ SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service."}],"affected":[{"vendor":"ABB","product":"Central Licensing System","versions":[{"version":"5.1","status":"affected","lessThan":"5*","versionType":"custom"}]},{"vendor":"ABB","product":"ABB Ability System 800xA","versions":[{"version":"5.1","status":"affected"},{"version":"6.0","status":"affected"},{"version":"6.1","status":"affected"}]},{"vendor":"ABB","product":"Compact 
HMI","versions":[{"version":"5.1","status":"affected"},{"version":"6.0","status":"affected"}]},{"vendor":"ABB","product":"Control Builder Safe","versions":[{"version":"1.0","status":"affected"},{"version":"1.1","status":"affected"},{"version":"2.0","status":"affected"}]},{"vendor":"ABB","product":"Symphony Plus S+ Operations","versions":[{"version":"3","status":"affected","lessThanOrEqual":"3.2","versionType":"custom"}]},{"vendor":"ABB","product":"Symphony Plus S+ Engineering","versions":[{"version":"1.1","status":"affected","lessThanOrEqual":"2.2","versionType":"custom"}]},{"vendor":"ABB","product":"Composer Harmony","versions":[{"version":"5.1","status":"affected"},{"version":"6.0","status":"affected"},{"version":"6.1","status":"affected"}]},{"vendor":"ABB","product":"Composer Melody","versions":[{"version":"5.3","status":"affected"},{"version":"6","status":"affected","lessThanOrEqual":"6.3","versionType":"custom"}]},{"vendor":"ABB","product":"Harmony OPC Server Standalone","versions":[{"version":"6.0","status":"affected"},{"version":"6.1","status":"affected"},{"version":"7.0","status":"affected"}]},{"vendor":"ABB","product":"Advant OCS Control Builder A","versions":[{"version":"1.3","status":"affected"},{"version":"1.4","status":"affected"}]},{"vendor":"ABB","product":"Composer CTK","versions":[{"version":"6.1","status":"affected"},{"version":"6.2","status":"affected"}]},{"vendor":"ABB","product":"AdvaBuild","versions":[{"version":"3.7 SP1","status":"affected"},{"version":"3.7 SP2","status":"affected"}]},{"vendor":"ABB","product":"OPC Server for Mod 300 (non-800xA)","versions":[{"version":"1.4","status":"affected"}]},{"vendor":"ABB","product":"OPC Data Link","versions":[{"version":"2.1","status":"affected"},{"version":"2.2","status":"affected"}]},{"vendor":"ABB","product":"Knowledge Manager","versions":[{"version":"8.0","status":"affected"},{"version":"9.0","status":"affected"},{"version":"9.1","status":"affected"}]},{"vendor":"ABB","product":"Manufacturing 
Operations Management","versions":[{"version":"1812","status":"affected"},{"version":"1909","status":"affected"}]},{"vendor":"ABB","product":"Advant  OCS AC 100 OPS Server","versions":[{"version":"5.1","status":"affected"},{"version":"6.0","status":"affected"},{"version":"6.1","status":"affected"}]},{"vendor":"ABB","product":"ABB  Ability™ SCADAvantage","versions":[{"version":"5.1","status":"affected","lessThan":"unspecified","versionType":"custom"},{"version":"unspecified","lessThanOrEqual":"5.6.5","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch"},{"url":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch"},{"url":"https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309&LanguageCode=en&DocumentPartId=&Action=Launch"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-20 Improper Input Validation","cweId":"CWE-20"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"discovery":"UNKNOWN"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T10:03:45.851Z"},"title":"CVE Program 
Container","references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch","tags":["x_transferred"]},{"url":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch","tags":["x_transferred"]},{"url":"https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309&LanguageCode=en&DocumentPartId=&Action=Launch","tags":["x_transferred"]}]}]}}