CVE-2020-11639

EPSS 0.14%
Veröffentlicht 23.07.2024 18:15:04
Zuletzt bearbeitet 19.12.2025 15:58:15
Quelle cybersecurity@ch.abb.com
CVE-Watchlists
Login
Unerledigt
Login

An attacker could exploit the vulnerability by
injecting garbage data or specially crafted data. Depending on the data injected each process might be
affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing
the product to store wrong information or act on wrong data or display wrong information.


This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.




For an attack to be successful, the attacker must have local access to a node in the system and be able to
start a specially crafted application that disrupts the communication.
An attacker who successfully exploited the vulnerability would be able to manipulate the data in such
way as allowing reads and writes to the controllers or cause Windows processes in 800xA for MOD 300
and AdvaBuild to crash.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Abb ≫ Advabuild SwPlatformadvant_mod_300 Version >= 3.0 < 3.7

Abb ≫ Advabuild Version3.7 Update- SwPlatformadvant_mod_300

Abb ≫ Advabuild Version3.7 Updatesp1 SwPlatformadvant_mod_300

Abb ≫ Advabuild Version3.7 Updatesp2 SwPlatformadvant_mod_300

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.35

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cybersecurity@ch.abb.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-11639

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11639

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11639

EUVD