CVE-2020-8475

ABB Central Licensing System - Denial of Service Vulnerability

Description

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB AbilityTM SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service.

Category

5.3
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.36%
Vendor Advisory abb.com Vendor Advisory abb.com
Affected: ABB Central Licensing System
Affected: ABB ABB Ability System 800xA
Affected: ABB Compact HMI
Affected: ABB Control Builder Safe
Affected: ABB Symphony Plus S+ Operations
Affected: ABB Symphony Plus S+ Engineering
Affected: ABB Composer Harmony
Affected: ABB Composer Melody
Affected: ABB Harmony OPC Server Standalone
Affected: ABB Advant OCS Control Builder A
Affected: ABB Composer CTK
Affected: ABB AdvaBuild
Affected: ABB OPC Server for Mod 300 (non-800xA)
Affected: ABB OPC Data Link
Affected: ABB Knowledge Manager
Affected: ABB Manufacturing Operations Management
Affected: ABB Advant OCS AC 100 OPS Server
Affected: ABB ABB Ability™ SCADAvantage
Published at:
Updated at:

References

Link Tags
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch vendor advisory
https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch vendor advisory
https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309&LanguageCode=en&DocumentPartId=&Action=Launch

Frequently Asked Questions

What is the severity of CVE-2020-8475?
CVE-2020-8475 has been scored as a medium severity vulnerability.
How to fix CVE-2020-8475?
To fix CVE-2020-8475, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-8475 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2020-8475 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-8475?
CVE-2020-8475 affects ABB Central Licensing System, ABB ABB Ability System 800xA, ABB Compact HMI, ABB Control Builder Safe, ABB Symphony Plus S+ Operations, ABB Symphony Plus S+ Engineering , ABB Composer Harmony, ABB Composer Melody , ABB Harmony OPC Server Standalone, ABB Advant OCS Control Builder A, ABB Composer CTK, ABB AdvaBuild, ABB OPC Server for Mod 300 (non-800xA), ABB OPC Data Link, ABB Knowledge Manager, ABB Manufacturing Operations Management, ABB Advant OCS AC 100 OPS Server, ABB ABB Ability™ SCADAvantage.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.