CVE-2020-8472

Name of the Vulnerable Software and Affected Versions ABB System 800xA products OPCServer for AC800M versions 6.0 and earlier ABB System 800xA products Control Builder M Professional versions 6.0 and earlier ABB System 800xA products MMSServer for AC800M versions 6.0 and earlier ABB System 800xA products Base Software for SoftControl version 6.1 and earlier

Description The issue is related to insufficient folder permissions used by system functions, allowing low privileged users to read, modify, add, and delete system and application files. An authenticated attacker could exploit this to escalate privileges, cause system functions to stop, and corrupt user applications.

Recommendations For ABB System 800xA products OPCServer for AC800M versions 6.0 and earlier, update to a version later than 6.0 to resolve the issue. For ABB System 800xA products Control Builder M Professional versions 6.0 and earlier, update to a version later than 6.0 to resolve the issue. For ABB System 800xA products MMSServer for AC800M versions 6.0 and earlier, update to a version later than 6.0 to resolve the issue. For ABB System 800xA products Base Software for SoftControl version 6.1 and earlier, update to a version later than 6.1 to resolve the issue.