CVE-2020-11639 : An attacker could exploit the vulnerability by injecting garbage data or special

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing the product to store wrong information or act on wrong data or display wrong information. This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. For an attack to be successful, the attacker must have local access to a node in the system and be able to start a specially crafted application that disrupts the communication. An attacker who successfully exploited the vulnerability would be able to manipulate the data in such way as allowing reads and writes to the controllers or cause Windows processes in 800xA for MOD 300 and AdvaBuild to crash.

Published 2024-07-23 17:26:55

Updated 2024-07-24 12:55:13

Source Asea Brown Boveri Ltd. (ABB)

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-11639

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2020-11639

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 3 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-11639

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	N/A	N/A	Asea Brown Boveri Ltd. (ABB)	2024-07-23
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	Asea Brown Boveri Ltd. (ABB)	2024-07-23
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-11639

CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.
Assigned by:
- 2b718523-d88f-4f37-9bbd-300c20644bf9 (Primary)
- cybersecurity@ch.abb.com (Primary)

References for CVE-2020-11639

https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-11639

Products affected by CVE-2020-11639

Exploit prediction scoring system (EPSS) score for CVE-2020-11639

CVSS scores for CVE-2020-11639

CWE ids for CVE-2020-11639

References for CVE-2020-11639