CVE-2020-8473 Vulnerability Details

  /     /     /  

CVE-2020-8473 Metadata Quick Info

CVE Published: 28/04/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: ABB | Vendor: ABB | Product: System 800xA Base
Status : PUBLISHED

---

CVE-2020-8473 Description

Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploit the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications.

Metrics

CVSS Version: 3.1 | Base Score: 7.3 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-732
CWE Name: CWE-732 Incorrect Permission Assignment for Critical Resource
Source: ABB

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).