CVE-2024-0335
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)
This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ABB | Symphony Plus S+ Operations | 3..0;0 <= 3.3 SP1 RU4 | affected |
| ABB | Symphony Plus S+ Operations | 2.1;0 <= 2.1 SP2 RU3 | affected |
| ABB | Symphony Plus S+ Operations | 2.0;0 <= 2.0 SP6 TC6 | affected |
| ABB | Symphony Plus S+ Engineering | 2.1 <= 2.3 RU3 | affected |
| ABB | Symphony Plus S+ Analyst | 7.0.0.0 <= 7.2.0.2 | affected |
Weaknesses
- CWE-23: CWE-23 Relative Path Traversal
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.