CVE-2020-8482

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data

CVSS v3 7.8 HIGH
CVSS v2.0 2.1 LOW

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:abb:device_library_wizard::::::::
	cpe:2.3:a:abb:device_library_wizard:6.1.0:::::::*

History

21 Nov 2024, 05:38

Type	Values Removed	Values Added
CVSS	v2 : ~~2.1~~ v3 : ~~5.5~~	v2 : 2.1 v3 : 7.8
References	~~() https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory~~	() https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory

Information

Published : 2020-05-29 22:15

Updated : 2024-11-21 05:38

NVD link : CVE-2020-8482

Mitre link : CVE-2020-8482

CVE.ORG link : CVE-2020-8482

JSON object : View

Products Affected

abb

device_library_wizard

CWE

CWE-922

Insecure Storage of Sensitive Information

{"id": "CVE-2020-8482", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-05-29T22:15:10.817", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "cybersecurity@ch.abb.com"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "description": [{"lang": "en", "value": "CWE-922"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data"}, {"lang": "es", "value": "Un almacenamiento no seguro de informaci\u00f3n confidencial en las versiones 6.0.X, 6.0.3.1 y 6.0.3.2 de ABB Device Library Wizard, permite a un usuario no autenticado con pocos privilegios leer archivos que contienen datos confidenciales."}], "lastModified": "2024-11-21T05:38:55.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:abb:device_library_wizard:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5581EB70-9FF9-487B-A6D5-DAF1530B4F7E", "versionEndIncluding": "6.0.3.2", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:abb:device_library_wizard:6.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FFF2795-68EE-46F4-9038-59234E88D9B3"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@ch.abb.com"}

7.8 /10