Description
Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploited the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- ABB / Base Software for SoftControl6.1 and earlier – 6.1 and earlier
- ABB / Control Builder M Professional6.1 and earlier – 6.1 and earlier
- ABB / MMS Server for AC 800M6.1 and earlier – 6.1 and earlier
- ABB / OPC Server for AC 800M6.0 and earlier – 6.0 and earlier