CVE-2020-11640

Elevation of Privilege

CVSS 8.8 HIGHEPSS 0.4%CWE-269

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

23 Jul 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

ABB · Advant MOD 300 AdvaBuild

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177