CVE-2020-11639

Name of the Vulnerable Software and Affected Versions Advant MOD 300 AdvaBuild versions 3.0 through 3.7 SP2

Description An attacker could exploit the issue by injecting specially crafted data, potentially causing a denial-of-service attack through process crashes or communication issues on the affected node. The attacker could also tamper with transmitted data, leading to incorrect information being stored, acted upon, or displayed. To be successful, the attacker must have local access to a node in the system and be able to start a specially crafted application that disrupts communication. A successful exploitation could allow an attacker to manipulate data, enabling reads and writes to controllers or causing Windows processes in 800xA for MOD 300 and AdvaBuild to crash.

Recommendations For Advant MOD 300 AdvaBuild versions 3.0 through 3.7 SP2, consider restricting local access to nodes in the system and limiting the ability to start specially crafted applications that could disrupt communication as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.