Vulnerabilities > CVE-2020-24678 - Unspecified vulnerability in ABB Symphony + Historian and Symphony + Operations

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

abb

NVD

Published: 2020-12-22

Updated: 2021-10-07

Summary

An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges.

Vulnerable Configurations

Part	Description	Count
Application	Abb ABB Symphony + Historian 3.0 ABB Symphony + Historian 3.1 ABB Symphony + Operations 1.1 ABB Symphony + Operations 2.0 ABB Symphony + Operations 2.1 ABB Symphony + Operations 3.0 ABB Symphony + Operations 3.1 ABB Symphony + Operations 3.2 ABB Symphony + Operations 3.3	10

References

https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch