CVE-2020-24676
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ABB | ABB Ability™ Symphony® Plus Operations | unspecified < 3.3 Service Pack 1 | affected |
| ABB | ABB Ability™ Symphony® Plus Operations | unspecified < 2.1 SP2 Rollup 2 | affected |
| ABB | ABB Ability™ Symphony® Plus Operations | unspecified < 2.2 | affected |
| ABB | ABB Ability™ Symphony® Plus Historian | unspecified < 3.2 | affected |
Weaknesses
- CWE-274: CWE-274 Improper Handling of Insufficient Privileges
ADP Enrichment
CVE Program Container
Additional References
- https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch
References
- https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
- https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.