8.8

CVE-2020-11640

EPSS 0.46%
Veröffentlicht 23.07.2024 18:15:05
Zuletzt bearbeitet 19.12.2025 15:57:45
Quelle cybersecurity@ch.abb.com
CVE-Watchlists
Login
Unerledigt
Login

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the
command queue can use it to launch an attack by running any executable on the AdvaBuild node. The
executables that can be run are not limited to AdvaBuild specific executables. 

Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Abb ≫ Advabuild SwPlatformadvant_mod_300 Version >= 3.0 < 3.7

Abb ≫ Advabuild Version3.7 Update- SwPlatformadvant_mod_300

Abb ≫ Advabuild Version3.7 Updatesp1 SwPlatformadvant_mod_300

Abb ≫ Advabuild Version3.7 Updatesp2 SwPlatformadvant_mod_300

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.46%	0.635

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cybersecurity@ch.abb.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-11640

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11640

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11640

EUVD