CVE-2020-8482

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:abb:device_library_wizard::::::::
	cpe:2.3:a:abb:device_library_wizard:6.1.0:::::::*

History

No history.

Information

Published : 2020-05-29 22:15

Updated : 2020-06-01 19:09

NVD link : CVE-2020-8482

Mitre link : CVE-2020-8482

CVE.ORG link : CVE-2020-8482

JSON object : View

Products Affected

abb

device_library_wizard

CWE

CWE-922

Insecure Storage of Sensitive Information

{"id": "CVE-2020-8482", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-05-29T22:15:10.817", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121681&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "cybersecurity@ch.abb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-922"}]}, {"type": "Secondary", "source": "cybersecurity@ch.abb.com", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data"}, {"lang": "es", "value": "Un almacenamiento no seguro de informaci\u00f3n confidencial en las versiones 6.0.X, 6.0.3.1 y 6.0.3.2 de ABB Device Library Wizard, permite a un usuario no autenticado con pocos privilegios leer archivos que contienen datos confidenciales."}], "lastModified": "2020-06-01T19:09:20.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:abb:device_library_wizard:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5581EB70-9FF9-487B-A6D5-DAF1530B4F7E", "versionEndIncluding": "6.0.3.2", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:abb:device_library_wizard:6.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FFF2795-68EE-46F4-9038-59234E88D9B3"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@ch.abb.com"}