Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveABBCVE-2020-24683
HistoryDec 22, 2020 - 10:15 p.m.

CVE-2020-24683

2020-12-2222:15:13
CWE-602
CWE-305
CWE-669
ABB
web.nvd.nist.gov
40
2
s+ operations
cve-2020-24683
authentication
security
vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

59.9%

JSON

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.

Affected configurations

Nvd
Node
abbsymphony_\+_historianMatch3.0
OR
abbsymphony_\+_historianMatch3.1
OR
abbsymphony_\+_operationsMatch1.1
OR
abbsymphony_\+_operationsMatch2.0
OR
abbsymphony_\+_operationsMatch2.1sp1
OR
abbsymphony_\+_operationsMatch2.1sp2
OR
abbsymphony_\+_operationsMatch3.0
OR
abbsymphony_\+_operationsMatch3.1
OR
abbsymphony_\+_operationsMatch3.2
OR
abbsymphony_\+_operationsMatch3.3
VendorProductVersionCPE
abbsymphony_\+_historian3.0cpe:2.3:a:abb:symphony_\+_historian:3.0:*:*:*:*:*:*:*
abbsymphony_\+_historian3.1cpe:2.3:a:abb:symphony_\+_historian:3.1:*:*:*:*:*:*:*
abbsymphony_\+_operations1.1cpe:2.3:a:abb:symphony_\+_operations:1.1:*:*:*:*:*:*:*
abbsymphony_\+_operations2.0cpe:2.3:a:abb:symphony_\+_operations:2.0:*:*:*:*:*:*:*
abbsymphony_\+_operations2.1cpe:2.3:a:abb:symphony_\+_operations:2.1:sp1:*:*:*:*:*:*
abbsymphony_\+_operations2.1cpe:2.3:a:abb:symphony_\+_operations:2.1:sp2:*:*:*:*:*:*
abbsymphony_\+_operations3.0cpe:2.3:a:abb:symphony_\+_operations:3.0:*:*:*:*:*:*:*
abbsymphony_\+_operations3.1cpe:2.3:a:abb:symphony_\+_operations:3.1:*:*:*:*:*:*:*
abbsymphony_\+_operations3.2cpe:2.3:a:abb:symphony_\+_operations:3.2:*:*:*:*:*:*:*
abbsymphony_\+_operations3.3cpe:2.3:a:abb:symphony_\+_operations:3.3:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "ABB Abilityโ„ข Symphonyยฎ Plus Operations",
    "vendor": "ABB",
    "versions": [
      {
        "lessThan": "2.1 SP1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

cvelist 1
prion 1
nvd 1
cvelist
cvelist
CVE-2020-24683 Authentication Bypass in Symphony Plus
2020-12-22 21:19:10
prion
prion
Authentication flaw
2020-12-22 22:15:00
nvd
nvd
CVE-2020-24683
2020-12-22 22:15:13

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

59.9%

JSON
Related for CVE-2020-24683
cvelist1prion1nvd1