35 matches found
EUVD-2020-17391
Malware in sbrugna...
EUVD-2020-17393
Malware in sbrugna...
EUVD-2020-17397
Malware in sbrugna...
EUVD-2020-17389
Malware in sbrugna...
EUVD-2024-16131
Malicious code in bioql PyPI...
CVE-2024-0335
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products e.g., S+ Operations, S+ Engineering and S+ Analyst This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0...
CVE-2024-0335
CVE-2024-0335 concerns ABB Symphony Plus S+ products (Operations, Engineering, Analyst) with a vulnerability in the ABB VPNI feature of the S+ Control API. The issue stems from errors in processing relative paths within VPNI, which can enable denial of service. Affected versions include S+ Operat...
CVE-2024-0335 Malformed Packet Handling
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products e.g., S+ Operations, S+ Engineering and S+ Analyst This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0...
CVE-2024-0335 Malformed Packet Handling
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products e.g., S+ Operations, S+ Engineering and S+ Analyst This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0...
ABB Central Licensing System Uncontrolled Resource Consumption (CVE-2020-8475)
For the Central Licensing Server component used in ABB products ABB Ability System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...
Authentication flaw
Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2...
CVE-2023-0228 Improper authentication vulnerability in S+ Operations
Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2...
CVE-2020-24677
Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data...
CVE-2020-24678
An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges...
CVE-2020-24679
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted...
CVE-2020-24683
The affected versions of S+ Operations version 2.1 SP1 and earlier used an approach for user authentication which relies on validation at the client node client-side authentication. This is not as secure as having the server validate a client application before allowing a connection. Therefore, i...
CVE-2020-24680
In S+ Operations and S+ Historian, the passwords of internal users not Windows Users are encrypted but improperly stored in a database...
CVE-2020-24675
In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server or standalone S+ History server and ultimately write values to the controlled process...
CVE-2020-24673
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data Insert/Update/Delete, execute administration operations on the database such as shutdown the DBMS, recover the content of a given file present on the DBMS file...
Design/Logic Flaw
In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server or standalone S+ History server and ultimately write values to the controlled process...