Description
Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploited the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106&LanguageCode=en&DocumentPartId=&Action=Launch
Scores
CVSS v3
5.5
EPSS
0.0003
EPSS Percentile
7.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-732
Status
published
Products (4)
abb/base_software
< 6.1
abb/control_builder_m
< 6.1
abb/mms_server
< 6.1
abb/opc_server
< 6.0
Published
Apr 29, 2020
Tracked Since
Feb 18, 2026