CVEdetails.com the ultimate security vulnerability data source

Log In Register

Take a third party risk management course for FREE

Vulnerability Feeds & Widgets^New www.itsecdb.com

Switch to https:// Home Browse :
Vendors Products Vulnerabilities By Date Vulnerabilities By Type Reports :
CVSS Score Report CVSS Score Distribution Search :
Vendor Search Product Search Version Search Vulnerability Search By Microsoft References Top 50 :
Vendors Vendor Cvss Scores Products Product Cvss Scores Versions Other :
Microsoft Bulletins Bugtraq Entries CWE Definitions About & Contact Feedback CVE Help FAQ Articles External Links :
NVD Website CWE Web Site

ABB » Symphony \ Historian » 3.1 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:abb:symphony_\+_historian:3.1:*:*:*:*:*:*:*

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

Copy Results Download Results

#	CVE ID	CWE ID	# of Exploits	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2020-24683	669		Bypass	2020-12-22	2021-10-07	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.
2	CVE-2020-24680	522			2020-12-22	2021-10-07	4.6	None	Local	Low	Not required	Partial	Partial	Partial
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.
3	CVE-2020-24679	20		Exec Code	2020-12-22	2021-10-07	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.
4	CVE-2020-24678			Exec Code +Priv	2020-12-22	2021-10-07	6.5	None	Remote	Low	???	Partial	Partial	Partial
An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges.
5	CVE-2020-24677	754		Exec Code	2020-12-22	2021-10-07	6.5	None	Remote	Low	???	Partial	Partial	Partial
Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.
6	CVE-2020-24676			Exec Code	2020-12-22	2021-09-14	4.6	None	Local	Low	Not required	Partial	Partial	Partial
In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.
7	CVE-2020-24675	287			2020-12-22	2021-10-07	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process.
8	CVE-2020-24674	863		Exec Code	2020-12-22	2021-10-07	9.0	None	Remote	Low	???	Complete	Complete	Complete
In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines.
9	CVE-2020-24673	89		Exec Code Sql	2020-12-22	2021-10-07	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability.

Total number of vulnerabilities : 9 Page : 1 (This Page)

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.