CVE-2015-6607 ABB CVE debrief

Who should care

Organizations using Android versions before 5.1.1 LMY48T and ABB B&R Automation Studio versions before 6.5 should prioritize patching this vulnerability. Attackers could exploit this vulnerability to gain privileges on affected systems.

Technical summary

The vulnerability exists in SQLite, a widely used database library, before version 3.8.9. SQLite is used in Android before version 5.1.1 LMY48T. An attacker could exploit this vulnerability by creating a crafted application that, when executed, could lead to privilege escalation. The vulnerability's CVSS vector is CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C, indicating a low severity score of 3.7. ABB B&R Automation Studio is also affected, with a fix available in version 6.5.

Defensive priority

Apply patches for SQLite version 3.8.9 or later and upgrade Android to version 5.1.1 LMY48T or later. For ABB B&R Automation Studio, upgrade to version 6.5 or later.

Recommended defensive actions

• Apply the patch for SQLite version 3.8.9 or later.
• Upgrade Android to version 5.1.1 LMY48T or later.
• Upgrade ABB B&R Automation Studio to version 6.5 or later.
• Implement general security best practices to prevent exploitation.
• Monitor systems for suspicious activity.

Evidence notes

The CVE description and source metadata indicate that SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application. ABB B&R Automation Studio is also affected, with a fix available in version 6.5. The CVSS score is 3.7, indicating low severity.

Official resources