CVE-2020-24675

Description

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

ABB / ABB Ability™ Symphony® Plus Historianunspecified – 3.2
ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 3.3 Service Pack 1
ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 2.1 SP2 Rollup 2
ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 2.2

References

MISChttps://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
MISChttps://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch