Attackers Can Launch an Attack by Running Any Executable on the AdvaBuild Node via the Command Queue
CVE-2020-11640

8.8HIGH

Key Information:

Vendor: Abb
Status: Advant Mod 300 Advabuild
Vendor: CVE Published:; 23 July 2024

What is CVE-2020-11640?

A vulnerability exists in the command queue of ABB's Advant MOD 300 AdvaBuild, which can be exploited by an attacker with access to the command queue. This vulnerability permits the execution of arbitrary executables on the AdvaBuild node. Because the attacker is not restricted to executing only AdvaBuild-specific executables, this poses a serious threat to the integrity and security of the system. The risk escalates with the potential for unauthorized access to system commands and operations, leading to compromised systems and data exposure.

Affected Version(s)

Advant MOD 300 AdvaBuild 3.0 <= 3.7 SP2

References

https://search.abb.com/library/Download.aspx?DocumentID=3...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2024
Vulnerability Reserved
Apr 8, 2020

Abb

What is CVE-2020-11640?

Affected Version(s)

References

CVSS V3.1

Timeline