CVE-2020-11640: AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by runni...

Description

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.37%

29.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-269

Affected Software

Vendor	Product	Versions
Abb	Advabuild	>= 3.0, < 3.7
Abb	Advabuild	3.7

References

Timeline

Published: Jul 23, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2020-11640?

AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.

How severe is CVE-2020-11640?

CVE-2020-11640 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.37% probability of exploitation in the next 30 days.

How do I fix CVE-2020-11640?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.