Rewterz Threat Advisory – CVE-2020-3205 – Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability
June 4, 2020Rewterz Threat Alert – Lemon Duck Cryptominer Spreads through Covid-19 Themed Emails
June 5, 2020Rewterz Threat Advisory – CVE-2020-3205 – Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability
June 4, 2020Rewterz Threat Alert – Lemon Duck Cryptominer Spreads through Covid-19 Themed Emails
June 5, 2020Severity
Medium
Analysis Summary
CVE-2020-8478
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to affect the online view of runtime data shown in Control Builder.
CVE-2020-8484
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to manipulate the data to allow reads and writes to the controllers or cause the 800xA for DCI processes to crash.
CVE-2020-8485
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to manipulate the data to allow reads and writes to the controllers or cause the 800xA for MOD 300 processes to crash.
CVE-2020-8486
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability concerning 800xA RNRP would be able to affect node redundancy handling. The attacked node could perceive other nodes to be unavailable, which will disrupt the communication. When running the system in simulation mode, the simulated clock could be affected.
CVE-2020-8487
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability concerning System 800xA Base would be able to affect node redundancy handling. The attacked node could perceive other nodes to be unavailable, which will disrupt the communication. When running the system in simulation mode, the simulated clock could be affected.
CVE-2020-8488
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to affect how the UI is updated during batch execution. The compare and printing functionality in batch could also be affected.
CVE-2020-8489
The vulnerability is caused by weak access control settings for objects used to exchange information between System 800xA processes on the same machine. An attacker could exploit this vulnerability by injecting garbage data or specially crafted data. An attacker who successfully exploits this vulnerability would be able to affect the runtime values that are to be stored in the archive. Also, this can make information management history services unavailable to the clients.
Impact
Tamper with runtime data in the system
Affected Vendors
ABB
Affected Products
System 800xA
Remediation
Refer to ICS advisory for the list of complete list of affected products and upgraded patches.