製品・ソフトウェアに関する情報
Vulnerability Search
ABB の Advant Mod 300 用 AdvaBuild における通信チャネルで送信中のメッセージの整合性への不適切な強制に関する脆弱性
Title ABB の Advant Mod 300 用 AdvaBuild における通信チャネルで送信中のメッセージの整合性への不適切な強制に関する脆弱性
Summary

ABB の Advant Mod 300 用 AdvaBuild には、通信チャネルで送信中のメッセージの整合性への不適切な強制に関する脆弱性が存在します。

Possible impacts 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution

ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date April 8, 2020, midnight
Registration Date Dec. 25, 2025, 11:59 a.m.
Last Update Dec. 25, 2025, 11:59 a.m.
CVSS3.0 : 重要
Score 7.8
Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected System
ABB
AdvaBuild 3.0 以上 3.7 未満
AdvaBuild 3.7
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
その他
Change Log
No Changed Details Date of change
1 [2025年12月25日]
  掲載		 Dec. 25, 2025, 11:59 a.m.
NVD Vulnerability Information
CVE-2020-11639
Summary

An attacker could exploit the vulnerability by
injecting garbage data or specially crafted data. Depending on the data injected each process might be
affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. The attacker could tamper with the data transmitted, causing
the product to store wrong information or act on wrong data or display wrong information.

This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.

For an attack to be successful, the attacker must have local access to a node in the system and be able to
start a specially crafted application that disrupts the communication.
An attacker who successfully exploited the vulnerability would be able to manipulate the data in such
way as allowing reads and writes to the controllers or cause Windows processes in 800xA for MOD 300
and AdvaBuild to crash.

Publication Date July 24, 2024, 3:15 a.m.
Registration Date July 24, 2024, 10 a.m.
Last Update Nov. 21, 2024, 1:58 p.m.
Related information, measures and tools
Common Vulnerabilities List