Vulnerabilities > ABB > Symphony Operations
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-22 | CVE-2020-24683 | Incorrect Resource Transfer Between Spheres vulnerability in ABB Symphony + Historian and Symphony + Operations: The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). | 9.8 |
2020-12-22 | CVE-2020-24680 | Insufficiently Protected Credentials vulnerability in ABB Symphony + Historian and Symphony + Operations: In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. | 7.0 |
2020-12-22 | CVE-2020-24679 | Improper Input Validation vulnerability in ABB Symphony + Historian and Symphony + Operations: An S+ Operations and S+ Historian service is subject to a DoS by specially crafted messages. | 9.8 |
2020-12-22 | CVE-2020-24678 | Unspecified vulnerability in ABB Symphony + Historian and Symphony + Operations: An authenticated user might execute malicious code under the user context and take control of the system. | 8.8 |
2020-12-22 | CVE-2020-24677 | Improper Check for Unusual or Exceptional Conditions vulnerability in ABB Symphony + Historian and Symphony + Operations: Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data. | 8.8 |
2020-12-22 | CVE-2020-24676 | Unspecified vulnerability in ABB Symphony + Historian and Symphony + Operations: In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. | 7.8 |
2020-12-22 | CVE-2020-24675 | Improper Authentication vulnerability in ABB Symphony + Historian and Symphony + Operations: In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process. | 9.8 |
2020-12-22 | CVE-2020-24674 | Incorrect Authorization vulnerability in ABB Symphony + Historian and Symphony + Operations: In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. | 8.8 |
2020-12-22 | CVE-2020-24673 | SQL Injection vulnerability in ABB Symphony + Historian and Symphony + Operations: In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. | 9.8 |