Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Symphony + Operations Security Vulnerabilities

cve
cve

CVE-2020-24673

In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file s...

9.8CVSS

9.7AI Score

0.002EPSS

2020-12-22 10:15 PM
52
cve
cve

CVE-2020-24674

In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines.

8.8CVSS

8.9AI Score

0.005EPSS

2020-12-22 10:15 PM
39
2
cve
cve

CVE-2020-24675

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process.

9.8CVSS

9.4AI Score

0.003EPSS

2020-12-22 10:15 PM
46
cve
cve

CVE-2020-24676

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.

7.8CVSS

8AI Score

0.0004EPSS

2020-12-22 10:15 PM
45
cve
cve

CVE-2020-24677

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.

8.8CVSS

8.8AI Score

0.001EPSS

2020-12-22 10:15 PM
46
2
cve
cve

CVE-2020-24678

An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges.

8.8CVSS

8.9AI Score

0.005EPSS

2020-12-22 10:15 PM
48
1
cve
cve

CVE-2020-24679

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.

9.8CVSS

9.5AI Score

0.008EPSS

2020-12-22 10:15 PM
42
1
cve
cve

CVE-2020-24680

In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.

7CVSS

6.8AI Score

0.0004EPSS

2020-12-22 10:15 PM
45
2
cve
cve

CVE-2020-24683

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore,...

9.8CVSS

9.5AI Score

0.002EPSS

2020-12-22 10:15 PM
40
2