CVE-2020-8477

HIGH

ABB System 800xA Information Manager - XSS

Title source: llm

Description

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code.

References (1)

[Vendor Advisory] https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 8.8

EPSS 0.0071

EPSS Percentile 72.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-489 CWE-79

Status published

Products (3)

abb/800xa_information_manager 5.1

abb/800xa_information_manager 6.1

abb/800xa_information_manager 6.0.0 - 6.0.3.2

Published Apr 22, 2020

Tracked Since Feb 18, 2026