CVE-2020-24674
HIGH WAF: Low
CVSS 8.8
Published: 2020-12-22
CWE-863
In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines.
WAF Coverage Analysis
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| abb | symphony_\+_historian | 3.0 |
| abb | symphony_\+_historian | 3.1 |
| abb | symphony_\+_operations | 1.1 |
| abb | symphony_\+_operations | 2.0 |
| abb | symphony_\+_operations | 2.1 |
| abb | symphony_\+_operations | 2.1 |
| abb | symphony_\+_operations | 3.0 |
| abb | symphony_\+_operations | 3.1 |
| abb | symphony_\+_operations | 3.2 |
| abb | symphony_\+_operations | 3.3 |
References
- search.abb.com (Mitigation, Vendor Advisory)
- search.abb.com (Mitigation, Vendor Advisory)