CRITICAL🇬🇧 English

CVE-2020-24673

CVSS 9.8v3.1pub. 2020-12-22upd. 2024-11-21

In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Abb Symphony \+ Historian

    APP
    Abb
    3.03.1
  • Abb Symphony \+ Operations

    APP
    Abb
    1.12.02.13.03.13.23.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2020-24675CRITICAL9.8ten sam produkt

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operat...

CVE-2020-24683CRITICAL9.8ten sam produkt

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication ...

CVE-2020-24677HIGH8.8ten sam produkt

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution a...

CVE-2020-24674HIGH8.8ten sam produkt

In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authen...

CVE-2020-24679HIGH7.5ten sam produkt

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might us...