Description
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- ABB / ABB Ability™ Symphony® Plus Historianunspecified – 3.2
- ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 3.3 Service Pack 1
- ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 2.1 SP2 Rollup 2
- ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 2.2