Attackers Can Launch an Attack by Running Any Executable on the AdvaBuild Node via the Command Queue

CVE-2020-11640

8.8HIGH

Key Information

Vendor: Abb
Status: Advant Mod 300 Advabuild
Vendor: CVE Published:; 23 July 2024

Summary

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.

Affected Version(s)

Advant MOD 300 AdvaBuild <= 3.7 SP2

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 23, 2024
Vulnerability Reserved.
Apr 8, 2020

Collectors

NVD DatabaseMitre Database