CVE-2020-8478 : Security Advisory and Response

A vulnerability in ABB System 800xA products allows an attacker to inject data through inter-process communication, affecting runtime data.

Understanding CVE-2020-8478

Insufficient protection in ABB System 800xA products enables data injection by an authenticated attacker, impacting runtime data.

What is CVE-2020-8478?

The vulnerability in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M, and Base Software for SoftControl allows local attackers to inject data, affecting the online view of runtime data.

The Impact of CVE-2020-8478

CVSS Base Score: 5.3 (Medium)
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low
Scope: Unchanged
User Interaction: None

Technical Details of CVE-2020-8478

The vulnerability arises due to insufficient protection of inter-process communication functions in ABB System 800xA products.

Vulnerability Description

The flaw allows an attacker authenticated on the local system to inject data, impacting the online view of runtime data.

Affected Systems and Versions

ABB System 800xA products: OPC Server for AC 800M, MMS Server for AC 800M, Base Software for SoftControl (all versions)

Exploitation Mechanism

Attackers authenticated on the local system can exploit the vulnerability to inject data, affecting the Control Builder's online view of runtime data.

Mitigation and Prevention

Immediate Steps to Take

Apply vendor-provided patches promptly.
Monitor and restrict inter-process communication access.
Implement the principle of least privilege for system users.

Long-Term Security Practices

Regularly update and patch ABB System 800xA products.
Conduct security training for system users to prevent unauthorized access.

Patching and Updates

ABB may release patches to address the vulnerability. Stay informed about patch releases and apply them as soon as they are available.