CVE-2020-24674

Description

In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

ABB / ABB Ability™ Symphony® Plus Historianunspecified – 3.2
ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 3.3 Service Pack 1
ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 2.1 SP2 Rollup 2
ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 2.2

References

MISChttps://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
MISChttps://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch