Lucene search

[email protected]NVD:CVE-2024-0335

HistoryApr 03, 2024 - 7:15 p.m.

CVE-2024-0335

2024-04-0319:15:43

CWE-23

[email protected]

web.nvd.nist.gov

abb vpni

s+ control api

cve-2024-0335

s+ operations

s+ engineering

s+ analyst

vulnerability

security advisory

symphony plus

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.0%

JSON

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may
be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)

This issue affects Symphony Plus S+ Operations: from 3…0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.

References

search.abb.com/library/Download.aspx?DocumentID=7PAA002536&LanguageCode=en&DocumentPartId=&Action=Launch

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-0335

cvelist1 vulnrichment1 cve1