CVE-2020-11640

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177	Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:abb:advabuild::::::advant_mod_300::*
	cpe:2.3:a:abb:advabuild:3.7:-::::advant_mod_300::*
	cpe:2.3:a:abb:advabuild:3.7:sp1::::advant_mod_300::*
	cpe:2.3:a:abb:advabuild:3.7:sp2::::advant_mod_300::*

History

No history.

Information

Published : 2024-07-23 18:15

Updated : 2025-12-19 15:57

NVD link : CVE-2020-11640

Mitre link : CVE-2020-11640

CVE.ORG link : CVE-2020-11640

JSON object : View

Products Affected

abb

advabuild

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2020-11640", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-07-23T18:15:05.083", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177", "tags": ["Vendor Advisory"], "source": "cybersecurity@ch.abb.com"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=3BUA003421&LanguageCode=en&DocumentPartId=&Action=Launch&_ga=2.200044199.882581162.1721753430-284724496.1718609177", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the\ncommand queue can use it to launch an attack by running any executable on the AdvaBuild node. The\nexecutables that can be run are not limited to AdvaBuild specific executables.\u00a0\n\nImproper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2."}, {"lang": "es", "value": "AdvaBuild utiliza una cola de comandos para iniciar determinadas operaciones. Un atacante que obtenga acceso a la cola de comandos puede usarla para lanzar un ataque ejecutando cualquier ejecutable en el nodo AdvaBuild. Los ejecutables que se pueden ejecutar no se limitan a ejecutables espec\u00edficos de AdvaBuild. Vulnerabilidad de gesti\u00f3n de privilegios inadecuada en ABB Advant MOD 300 AdvaBuild. Este problema afecta a Advant MOD 300 AdvaBuild: desde 3.0 hasta 3.7 SP2."}], "lastModified": "2025-12-19T15:57:45.533", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:abb:advabuild:*:*:*:*:*:advant_mod_300:*:*", "vulnerable": true, "matchCriteriaId": "2B2DD8A5-17FB-4CCF-ABC0-2388B43D07F2", "versionEndExcluding": "3.7", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:abb:advabuild:3.7:-:*:*:*:advant_mod_300:*:*", "vulnerable": true, "matchCriteriaId": "88348546-89FF-4F82-8246-F9E08B585C78"}, {"criteria": "cpe:2.3:a:abb:advabuild:3.7:sp1:*:*:*:advant_mod_300:*:*", "vulnerable": true, "matchCriteriaId": "4E2D62C1-9F2D-42D5-997B-0880469C82E0"}, {"criteria": "cpe:2.3:a:abb:advabuild:3.7:sp2:*:*:*:advant_mod_300:*:*", "vulnerable": true, "matchCriteriaId": "9D462F34-AD38-4EA0-97CE-9FE7A558920F"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@ch.abb.com"}