HIGH🇬🇧 English

CVE-2020-24676

CVSS 7.8v3.1pub. 2020-12-22upd. 2024-11-21

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Abb Symphony \+ Historian

    APP
    Abb
    3.03.1
  • Abb Symphony \+ Operations

    APP
    Abb
    1.12.02.13.03.13.23.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCELPE
CWE
Referencje

Powiązane podatności

CVE-2020-24673CRITICAL9.8ten sam produkt

In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the databas...

CVE-2020-24675CRITICAL9.8ten sam produkt

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operat...

CVE-2020-24683CRITICAL9.8ten sam produkt

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication ...

CVE-2020-24677HIGH8.8ten sam produkt

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution a...

CVE-2020-24678HIGH8.8ten sam produkt

An authenticated user might execute malicious code under the user context and take control of the system. S+ O...