HIGH🇵🇱 Wersja polska

CVE-2020-24679

CVSS 7.5v3.1pub. 2020-12-22upd. 2024-11-21

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Abb Symphony \+ Historian

    APP
    Abb
    3.03.1
  • Abb Symphony \+ Operations

    APP
    Abb
    1.12.02.13.03.13.23.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2020-24673CRITICAL9.8ten sam produkt

In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the databas...

CVE-2020-24675CRITICAL9.8ten sam produkt

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operat...

CVE-2020-24683CRITICAL9.8ten sam produkt

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication ...

CVE-2020-24676HIGH7.8ten sam produkt

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalati...

CVE-2020-24677HIGH8.8ten sam produkt

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution a...