U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2020-11639

Change History

New CVE Received from Asea Brown Boveri Ltd. (ABB) 7/23/2024 2:15:04 PM

Action Type Old Value New Value
Added Description

								
							
							
						
An attacker could exploit the vulnerability by
injecting garbage data or specially crafted data. Depending on the data injected each process might be
affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing
the product to store wrong information or act on wrong data or display wrong information.


This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.




For an attack to be successful, the attacker must have local access to a node in the system and be able to
start a specially crafted application that disrupts the communication.
An attacker who successfully exploited the vulnerability would be able to manipulate the data in such
way as allowing reads and writes to the controllers or cause Windows processes in 800xA for MOD 300
and AdvaBuild to crash.
Added CVSS V3.1

								
							
							
						
Asea Brown Boveri Ltd. (ABB) AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added CWE

								
							
							
						
Asea Brown Boveri Ltd. (ABB) CWE-924
Added Reference

								
							
							
						
Asea Brown Boveri Ltd. (ABB) https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177 [No types assigned]