HIGH🇵🇱 Wersja polska

CVE-2020-24678

CVSS 8.8v3.1pub. 2020-12-22upd. 2024-11-21

An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Abb Symphony \+ Historian

    APP
    Abb
    3.03.1
  • Abb Symphony \+ Operations

    APP
    Abb
    1.12.02.13.03.13.23.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-24673CRITICAL9.8ten sam produkt

In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the databas...

CVE-2020-24675CRITICAL9.8ten sam produkt

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operat...

CVE-2020-24683CRITICAL9.8ten sam produkt

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication ...

CVE-2020-24676HIGH7.8ten sam produkt

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalati...

CVE-2020-24677HIGH8.8ten sam produkt

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution a...