{"{\"title\":\"Data Injection Vulnerability Could Lead to Denial-of-Service Attacks\"}","{\"title\":\"Attacker Can Manipulate Data, Cause System Crashes\"}"}
CVE-2020-11639

7.8HIGH

Key Information:

Vendor: Abb
Status: Advant Mod 300 Advabuild
Vendor: CVE Published:; 23 July 2024

What is CVE-2020-11639?

A vulnerability exists in the Advant MOD 300 AdvaBuild that could be exploited by an attacker with local access to inject specially crafted data. This malformed data can lead to various issues such as process crashes, communication breakdowns, or incorrect data being processed. The implications of this might include data integrity problems, resulting in the system storing or displaying erroneous information. An attacker's ability to manipulate the system could extend to reading and writing operations on controllers, potentially affecting other processes associated with Windows 800xA systems linked to MOD 300 and AdvaBuild. For successful exploitation, the attacker must execute a specifically crafted application that disrupts system communication.

Affected Version(s)

Advant MOD 300 AdvaBuild 3.0 <= 3.7 SP2

References

https://search.abb.com/library/Download.aspx?DocumentID=3...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2024
Vulnerability Reserved
Apr 8, 2020

Abb

What is CVE-2020-11639?

Affected Version(s)

References

CVSS V3.1

Timeline