CVE-2020-11640

HIGH

ABB AdvaBuild 3.0-3.7 SP2 - Unauthenticated Remote Code Execution via Command Queue

Title source: llm

Description

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild-specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild. This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.

Scores

CVSS v3 8.8
EPSS 0.0046
EPSS Percentile 64.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-269
Status published
Products (2)
abb/advabuild 3.7 (3 CPE variants)
abb/advabuild 3.0 - 3.7
Published Jul 23, 2024
Tracked Since Feb 18, 2026