CVE-2020-8475

Name of the Vulnerable Software and Affected Versions ABB Ability System 800xA versions 5.1 through 6.1 Compact HMI versions 5.1 through 6.0 Control Builder Safe versions 1.0 through 2.0 Symphony Plus -S+ Operations versions 3.0 through 3.2 Symphony Plus -S+ Engineering versions 1.1 through 2.2 Composer Harmony versions 5.1 through 6.1 Melody Composer versions 5.3, 6.1/6.2 SPE for Melody version 1.0SPx Harmony OPC Server (HAOPC) Standalone versions 6.0 through 7.0 ABB Ability System 800xA/ Advant OCS Control Builder A versions 1.3 through 1.4 Advant OCS AC100 OPC Server versions 5.1 through 6.1 Composer CTK versions 6.1 through 6.2 AdvaBuild versions 3.7 SP1 through 3.7 SP2 OPCServer for MOD 300 (non-800xA) version 1.4 OPC Data Link versions 2.1 through 2.2 Knowledge Manager versions 8.0 through 9.1 Manufacturing Operations Management versions 1812 through 1909 ABB Ability SCADAvantage versions 5.1 through 5.6.5

Description A weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service.

Recommendations For ABB Ability System 800xA versions 5.1 through 6.1, update to a version that includes the fix for the input validation weakness. For Compact HMI versions 5.1 through 6.0, update to a version that includes the fix for the input validation weakness. For Control Builder Safe versions 1.0 through 2.0, update to a version that includes the fix for the input validation weakness. For Symphony Plus -S+ Operations versions 3.0 through 3.2, update to a version that includes the fix for the input validation weakness. For Symphony Plus -S+ Engineering versions 1.1 through 2.2, update to a version that includes the fix for the input validation weakness. For Composer Harmony versions 5.1 through 6.1, update to a version that includes the fix for the input validation weakness. For Melody Composer versions 5.3, 6.1/6.2, update to a version that includes the fix for the input validation weakness. For SPE for Melody version 1.0SPx, update to a version that includes the fix for the input validation weakness. For Harmony OPC Server (HAOPC) Standalone versions 6.0 through 7.0, update to a version that includes the fix for the input validation weakness. For ABB Ability System 800xA/ Advant OCS Control Builder A versions 1.3 through 1.4, update to a version that includes the fix for the input validation weakness. For Advant OCS AC100 OPC Server versions 5.1 through 6.1, update to a version that includes the fix for the input validation weakness. For Composer CTK versions 6.1 through 6.2, update to a version that includes the fix for the input validation weakness. For AdvaBuild versions 3.7 SP1 through 3.7 SP2, update to a version that includes the fix for the input validation weakness. For OPCServer for MOD 300 (non-800xA) version 1.4, update to a version that includes the fix for the input validation weakness. For OPC Data Link versions 2.1 through 2.2, update to a version that includes the fix for the input validation weakness. For Knowledge Manager versions 8.0 through 9.1, update to a version that includes the fix for the input validation weakness. For Manufacturing Operations Management versions 1812 through 1909, update to a version that includes the fix for the input validation weakness. For ABB Ability SCADAvantage versions 5.1 through 5.6.5, update to a version that includes the fix for the input validation weakness.