Vulnerabilities > ABB > Symphony Operations > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-22 | CVE-2020-24673 | SQL Injection vulnerability in ABB Symphony + Historian and Symphony + Operations In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. | 9.8 |
| 2020-12-22 | CVE-2020-24675 | Improper Authentication vulnerability in ABB Symphony + Historian and Symphony + Operations In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process. | 9.8 |
| 2020-12-22 | CVE-2020-24679 | Improper Input Validation vulnerability in ABB Symphony + Historian and Symphony + Operations A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. | 9.8 |
| 2020-12-22 | CVE-2020-24683 | Incorrect Resource Transfer Between Spheres vulnerability in ABB Symphony + Historian and Symphony + Operations The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). | 9.8 |