AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2.
Conclusion & alert: CVE-2020-11640 is rated Moderate Risk (45.2/100): CVSS High severity, with low exploitation likelihood (EPSS 0.37%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.46% | 0.37% | -0.09% |
| 2 | 2025-12-20 | 0.20% | 0.46% | +0.26% |
| 3 | 2025-12-12 | — | 0.20% | — |
Full EPSS history (11 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.8 | 3.1 | HIGH |
|
2.8 | 5.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| abb | advabuild | >= 3.0, < 3.7 | cpe:2.3:a:abb:advabuild:*:*:*:*:*:advant_mod_300:*:* |
| abb | advabuild | 3.7 | cpe:2.3:a:abb:advabuild:3.7:-:*:*:*:advant_mod_300:*:* |
| abb | advabuild | 3.7 | cpe:2.3:a:abb:advabuild:3.7:sp1:*:*:*:advant_mod_300:*:* |
| abb | advabuild | 3.7 | cpe:2.3:a:abb:advabuild:3.7:sp2:*:*:*:advant_mod_300:*:* |