Strix
26.1K

CVE-2020-11639

HIGHCVSS 7.8/10EPSS 0.13%

Last modified

CVE-2020-11639 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. EPSS estimates a 0.13% chance of exploitation in the next 30 days.

Description

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing the product to store wrong information or act on wrong data or display wrong information. This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. For an attack to be successful, the attacker must have local access to a node in the system and be able to start a specially crafted application that disrupts the communication. An attacker who successfully exploited the vulnerability would be able to manipulate the data in such way as allowing reads and writes to the controllers or cause Windows processes in 800xA for MOD 300 and AdvaBuild to crash.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.13%

2.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AbbAdvabuild>= 3.0, < 3.7
AbbAdvabuild3.7

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2020-11639?
An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing the product to store wrong information or act on wrong data or display wrong information. This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. For an attack to be successful, the attacker must have local access to a node in the system and be able to start a specially crafted application that disrupts the communication. An attacker who successfully exploited the vulnerability would be able to manipulate the data in such way as allowing reads and writes to the controllers or cause Windows processes in 800xA for MOD 300 and AdvaBuild to crash.
How severe is CVE-2020-11639?
CVE-2020-11639 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.13% probability of exploitation in the next 30 days.
How do I fix CVE-2020-11639?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-11639?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST