CVE-2020-8477

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:abb:800xa_information_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:abb:800xa_information_manager:5.1:*:*:*:*:*:*:*
cpe:2.3:a:abb:800xa_information_manager:6.1:*:*:*:*:*:*:*

History

21 Nov 2024, 05:38

Type Values Removed Values Added
References () https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory () https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory

Information

Published : 2020-04-22 15:15

Updated : 2024-11-21 05:38


NVD link : CVE-2020-8477

Mitre link : CVE-2020-8477

CVE.ORG link : CVE-2020-8477


JSON object : View

Products Affected

abb

  • 800xa_information_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-489

Active Debug Code