CVE-2020-8479
📋 TL;DR
This is an XML External Entity (XXE) injection vulnerability in ABB's Central Licensing Server component that allows attackers to read arbitrary files from the license server or network and potentially block license handling. It affects multiple ABB industrial control system products including System 800xA, Symphony Plus, and SCADAvantage. Organizations using these ABB products in critical infrastructure are at risk.
💻 Affected Systems
- ABB Ability System 800xA
- Compact HMI
- Control Builder Safe
- Symphony Plus Operations
- Symphony Plus Engineering
- Composer Harmony
- Melody Composer
- Harmony OPC Server
- Advant OCS Control Builder A
- Advant OCS AC100 OPC Server
- Composer CTK
- AdvaBuild
- OPCServer for MOD 300
- OPC Data Link
- Knowledge Manager
- Manufacturing Operations Management
- ABB Ability SCADAvantage
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of license server allowing file system access, potential credential theft, and denial of service to critical industrial control systems.
Likely Case
Unauthorized file reading from license server, potential exposure of sensitive configuration files, and disruption of license management.
If Mitigated
Limited impact with proper network segmentation and XML parsing restrictions in place.
🎯 Exploit Status
XXE vulnerabilities are typically easy to exploit with standard XML payloads. No public exploit code identified but vulnerability is well-understood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to ABB security advisories for specific product updates
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309&LanguageCode=en&DocumentPartId=&Action=Launch
Restart Required: Yes
Instructions:
1. Review ABB security advisories for affected products. 2. Apply vendor-provided patches. 3. Restart affected systems. 4. Verify patch installation.
🔧 Temporary Workarounds
Disable XML external entity processing
allConfigure XML parsers to disable external entity resolution
Specific configuration depends on XML parser implementation. Set features like FEATURE_SECURE_PROCESSING to true.
Network segmentation
allIsolate license servers from untrusted networks
Implement firewall rules to restrict access to license server ports
🧯 If You Can't Patch
- Implement strict network segmentation to isolate license servers
- Deploy web application firewall with XXE protection rules
- Monitor for unusual XML payloads to license server endpoints
🔍 How to Verify
Check if Vulnerable:
Check product versions against affected lists in ABB advisories. Test with XXE payloads if authorized.Check Version:
Product-specific commands vary. Check ABB documentation for version verification methods.Verify Fix Applied:
Verify patch installation through version checks and test with XXE payloads in controlled environment.📡 Detection & Monitoring
Log Indicators:
- Unusual XML requests to license server
- File access attempts via XML entities
- License server errors or crashes
Network Indicators:
- XML payloads containing external entity declarations
- Unusual outbound connections from license server
SIEM Query:
source="license_server" AND (message="*ENTITY*" OR message="*SYSTEM*" OR message="*PUBLIC*")🔗 References
- https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=2PAA121230&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=2PAA121231&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=3CCA2020-003309&LanguageCode=en&DocumentPartId=&Action=Launch
