
Rewterz Threat Advisory – ICS: ABB Central Licensing System Multiple Vulnerabilities

Severity

High

Analysis Summary

CVE-2020-8481

Confidential data is written to an unprotected file, which may allow an attacker who logs in to the affected node as a low-privileged user to read that data.

CVE-2020-8479

The affected products are vulnerable to an external entity injection, which may allow an attacker to read arbitrary files from the license server and/or from the network. An attacker could also block the license handling.

CVE-2020-8475 

The affected products are vulnerable to a denial-of-service attack, which may allow an attacker to successfully block license handling.

CVE-2020-8476 

The affected products are vulnerable to elevation of privileges, which may allow an attacker to alter licenses assigned to system nodes. This could potentially lead to a situation where legitimate nodes in the system network are denied licenses.

CVE-2020-8471

The affected products are vulnerable to weak file permissions, which may allow an attacker to block license handling, escalate privileges, and execute arbitrary code.

Impact

  • Information Exposure
  • Privilege Escalation
  • Improper Access Control

Affected Vendors

ABB

Affected Products

Central Licensing System (CLS)

Remediation

Refer to the ICS advisory for the complete list of affected products and updated patches.

https://www.us-cert.gov/ics/advisories/icsa-20-154-04