Lucene search
K
AbbSymphony + Operations

9 matches found

CVE
CVE
added 2020/12/22 9:21 p.m.76 views

CVE-2020-24673

CVE-2020-24673 affects S+ Operations and S+ Historian. The vulnerability is a SQL injection that can allow an attacker to read sensitive data, modify data (Insert/Update/Delete), perform database administration operations (e.g., shutdown the DBMS), recover files from the DBMS file system, and pot...

9.8CVSS9.9AI score0.01046EPSS
CVE
CVE
added 2020/12/22 9:22 p.m.74 views

CVE-2020-24675

The CVE-2020-24675 entry concerns ABB S+ Operations and S+ History servers. The vulnerability allows an unauthenticated remote attacker to inject values into the Operations History server (or standalone S+ History server), enabling writes to the controlled process. This is evidenced by the NVD en...

9.8CVSS9.6AI score0.01151EPSS
CVE
CVE
added 2020/12/22 9:19 p.m.73 views

CVE-2020-24683

Summary: CVE-2020-24683 affects S+ Operations (version 2.1 SP1 and earlier). The root cause is client-side authentication, where the server does not validate a client application before allowing a connection. This can allow unauthorized actors to bypass authentication and establish unauthorized c...

9.8CVSS9.7AI score0.01411EPSS
CVE
CVE
added 2020/12/22 9:16 p.m.72 views

CVE-2020-24677

Technical details (affected products, vulnerable components, exact root cause, versions, exploitability) are not provided in the supplied documents. Monitor for updates from NVD/ABB and EU sources for concrete advisories.

8.8CVSS9AI score0.0134EPSS
CVE
CVE
added 2020/12/22 9:15 p.m.71 views

CVE-2020-24676

The CVE-2020-24676 entry affects Symphony Plus Operations and Symphony Plus Historian : unprivileged but authenticated users can leverage vulnerable services to achieve arbitrary code execution with privilege escalation, depending on the account the service runs under. The documented impact is pr...

7.8CVSS8AI score0.00411EPSS
CVE
CVE
added 2020/12/22 9:13 p.m.68 views

CVE-2020-24678

CVE-2020-24678 affects S+ Operations or S+ Historian database. An authenticated user may execute malicious code under their user context and escalate privileges to take control of the system. Public details from NVD indicate CVSSv3.1 base score 8.8 (HIGH) with NETWORK attack vector, LOW attack co...

8.8CVSS9.1AI score0.01452EPSS
CVE
CVE
added 2020/12/22 9:17 p.m.68 views

CVE-2020-24679

CVE-2020-24679 concerns the S+ Operations and S+ Historian service. Public sources describe a DoS with specially crafted messages that can crash the service and, in some wording, may allow arbitrary code execution on the host. The NVD entry lists impact including high confidentiality, integrity, ...

10CVSS9AI score0.01745EPSS
CVE
CVE
added 2020/12/22 9:18 p.m.67 views

CVE-2020-24680

CVE-2020-24680 affects S+ Operations and S+ Historian. The issue is that internal-user passwords are encrypted but stored in a database inappropriately, enabling local access to sensitive credentials. CVSSv3.1 base score is 7.0 (HIGH) with Confidentiality, Integrity, and Availability impacts; att...

7CVSS6.8AI score0.00264EPSS
CVE
CVE
added 2020/12/22 9:20 p.m.66 views

CVE-2020-24674

CVE-2020-24674 affects S+ Operations and S+ Historian. The issue is improper authorization where not all client commands properly enforce user permissions. Authenticated but Unauthorized remote users could trigger a Denial-of-Service, execute arbitrary code, or gain higher privileges on affected ...

9CVSS9.1AI score0.02875EPSS