9 matches found
CVE-2020-24673
CVE-2020-24673 affects S+ Operations and S+ Historian. The vulnerability is a SQL injection that can allow an attacker to read sensitive data, modify data (Insert/Update/Delete), perform database administration operations (e.g., shutdown the DBMS), recover files from the DBMS file system, and pot...
CVE-2020-24675
The CVE-2020-24675 entry concerns ABB S+ Operations and S+ History servers. The vulnerability allows an unauthenticated remote attacker to inject values into the Operations History server (or standalone S+ History server), enabling writes to the controlled process. This is evidenced by the NVD en...
CVE-2020-24683
Summary: CVE-2020-24683 affects S+ Operations (version 2.1 SP1 and earlier). The root cause is client-side authentication, where the server does not validate a client application before allowing a connection. This can allow unauthorized actors to bypass authentication and establish unauthorized c...
CVE-2020-24677
Technical details (affected products, vulnerable components, exact root cause, versions, exploitability) are not provided in the supplied documents. Monitor for updates from NVD/ABB and EU sources for concrete advisories.
CVE-2020-24676
The CVE-2020-24676 entry affects Symphony Plus Operations and Symphony Plus Historian : unprivileged but authenticated users can leverage vulnerable services to achieve arbitrary code execution with privilege escalation, depending on the account the service runs under. The documented impact is pr...
CVE-2020-24678
CVE-2020-24678 affects S+ Operations or S+ Historian database. An authenticated user may execute malicious code under their user context and escalate privileges to take control of the system. Public details from NVD indicate CVSSv3.1 base score 8.8 (HIGH) with NETWORK attack vector, LOW attack co...
CVE-2020-24679
CVE-2020-24679 concerns the S+ Operations and S+ Historian service. Public sources describe a DoS with specially crafted messages that can crash the service and, in some wording, may allow arbitrary code execution on the host. The NVD entry lists impact including high confidentiality, integrity, ...
CVE-2020-24680
CVE-2020-24680 affects S+ Operations and S+ Historian. The issue is that internal-user passwords are encrypted but stored in a database inappropriately, enabling local access to sensitive credentials. CVSSv3.1 base score is 7.0 (HIGH) with Confidentiality, Integrity, and Availability impacts; att...
CVE-2020-24674
CVE-2020-24674 affects S+ Operations and S+ Historian. The issue is improper authorization where not all client commands properly enforce user permissions. Authenticated but Unauthorized remote users could trigger a Denial-of-Service, execute arbitrary code, or gain higher privileges on affected ...