15 matches found
EUVD-2020-17393
Malware in sbrugna...
EUVD-2020-17391
Malware in sbrugna...
CVE-2020-24678
An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges...
CVE-2020-24673
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data Insert/Update/Delete, execute administration operations on the database such as shutdown the DBMS, recover the content of a given file present on the DBMS file...
CVE-2020-24680
In S+ Operations and S+ Historian, the passwords of internal users not Windows Users are encrypted but improperly stored in a database...
Design/Logic Flaw
In S+ Operations and S+ Historian, the passwords of internal users not Windows Users are encrypted but improperly stored in a database...
Command injection
In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service DoS attack, execute arbitrary code, or obtain more privilege than intended on the machines...
Sql injection
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data Insert/Update/Delete, execute administration operations on the database such as shutdown the DBMS, recover the content of a given file present on the DBMS file...
CVE-2020-24673
CVE-2020-24673 affects S+ Operations and S+ Historian. The vulnerability is a SQL injection that can allow an attacker to read sensitive data, modify data (Insert/Update/Delete), perform database administration operations (e.g., shutdown the DBMS), recover files from the DBMS file system, and pot...
CVE-2020-24674 Improper Authorization in Symphony Plus
In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service DoS attack, execute arbitrary code, or obtain more privilege than intended on the machines...
CVE-2020-24674
CVE-2020-24674 affects S+ Operations and S+ Historian. The issue is improper authorization where not all client commands properly enforce user permissions. Authenticated but Unauthorized remote users could trigger a Denial-of-Service, execute arbitrary code, or gain higher privileges on affected ...
CVE-2020-24680 Improper Credential Storage in Symphony Plus
In S+ Operations and S+ Historian, the passwords of internal users not Windows Users are encrypted but improperly stored in a database...
CVE-2020-24679
CVE-2020-24679 concerns the S+ Operations and S+ Historian service. Public sources describe a DoS with specially crafted messages that can crash the service and, in some wording, may allow arbitrary code execution on the host. The NVD entry lists impact including high confidentiality, integrity, ...
CVE-2020-24677 Insecure Web Service in Symphony Plus
Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data...
CVE-2020-24678
CVE-2020-24678 affects S+ Operations or S+ Historian database. An authenticated user may execute malicious code under their user context and escalate privileges to take control of the system. Public details from NVD indicate CVSSv3.1 base score 8.8 (HIGH) with NETWORK attack vector, LOW attack co...