CVE-2020-8477

Name of the Vulnerable Software and Affected Versions ABB System 800xA Information Manager versions 5.1, 6.0 through 6.0.3.2, 6.1

Description The issue arises from the incorrect inclusion of an auxiliary component in the installations, allowing an attacker to perform an XSS-like attack on an authenticated local user. This could potentially lead to the execution of arbitrary code. The vulnerability exists due to inadequate protection of the web page structure, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For versions 5.1, 6.0 through 6.0.3.2, 6.1, consider removing or disabling the auxiliary component to prevent exploitation until a proper fix is available. Restrict access to the vulnerable component of the Information Manager to minimize the risk of exploitation.