CVE-2020-8481

Name of the Vulnerable Software and Affected Versions ABB Ability System 800xA versions 5.1 through 6.1 Compact HMI versions 5.1 through 6.0 Control Builder Safe versions 1.0 through 2.0 Symphony Plus -S+ Operations versions 3.0 through 3.2 Symphony Plus -S+ Engineering versions 1.1 through 2.2 Composer Harmony versions 5.1 through 6.1 Melody Composer versions 5.3, 6.1/6.2 SPE for Melody version 1.0SPx Harmony OPC Server (HAOPC) Standalone versions 6.0 through 7.0 ABB Ability System 800xA/ Advant OCS Control Builder A versions 1.3 through 1.4 Advant OCS AC100 OPC Server versions 5.1 through 6.1 Composer CTK versions 6.1 through 6.2 AdvaBuild versions 3.7 SP1 through 3.7 SP2 OPCServer for MOD 300 (non-800xA) version 1.4 OPC Data Link versions 2.1 through 2.2 Knowledge Manager versions 8.0 through 9.1 Manufacturing Operations Management versions 1812 through 1909

Description Confidential data is written in an unprotected file, allowing an attacker who successfully exploits this issue to take full control of the computer.

Recommendations For ABB Ability System 800xA versions 5.1 through 6.1, update to a version that fixes the issue. For Compact HMI versions 5.1 through 6.0, update to a version that fixes the issue. For Control Builder Safe versions 1.0 through 2.0, update to a version that fixes the issue. For Symphony Plus -S+ Operations versions 3.0 through 3.2, update to a version that fixes the issue. For Symphony Plus -S+ Engineering versions 1.1 through 2.2, update to a version that fixes the issue. For Composer Harmony versions 5.1 through 6.1, update to a version that fixes the issue. For Melody Composer versions 5.3, 6.1/6.2, update to a version that fixes the issue. For SPE for Melody version 1.0SPx, update to a version that fixes the issue. For Harmony OPC Server (HAOPC) Standalone versions 6.0 through 7.0, update to a version that fixes the issue. For ABB Ability System 800xA/ Advant OCS Control Builder A versions 1.3 through 1.4, update to a version that fixes the issue. For Advant OCS AC100 OPC Server versions 5.1 through 6.1, update to a version that fixes the issue. For Composer CTK versions 6.1 through 6.2, update to a version that fixes the issue. For AdvaBuild versions 3.7 SP1 through 3.7 SP2, update to a version that fixes the issue. For OPCServer for MOD 300 (non-800xA) version 1.4, update to a version that fixes the issue. For OPC Data Link versions 2.1 through 2.2, update to a version that fixes the issue. For Knowledge Manager versions 8.0 through 9.1, update to a version that fixes the issue. For Manufacturing Operations Management versions 1812 through 1909, update to a version that fixes the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.