Design/Logic Flaw

2020-12-2222:15:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.5%

JSON

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process.

CPENameOperatorVersion
symphony_\\+_historianeq3.0
symphony_\\+_historianeq3.1
symphony_\\+_operationseq1.1
symphony_\\+_operationseq2.0
symphony_\\+_operationseq2.1 sp1
symphony_\\+_operationseq2.1 sp2
symphony_\\+_operationseq3.0
symphony_\\+_operationseq3.1
symphony_\\+_operationseq3.2
symphony_\\+_operationseq3.3

Name	Operator	Version
symphony_\\+_historian	eq	3.0
symphony_\\+_historian	eq	3.1
symphony_\\+_operations	eq	1.1
symphony_\\+_operations	eq	2.0
symphony_\\+_operations	eq	2.1 sp1
symphony_\\+_operations	eq	2.1 sp2
symphony_\\+_operations	eq	3.0
symphony_\\+_operations	eq	3.1
symphony_\\+_operations	eq	3.2
symphony_\\+_operations	eq	3.3