CVE-2020-24673
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
22/12/2020
Last modified:
07/10/2021
Description
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:abb:symphony_\+_historian:3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_historian:3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:2.1:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:2.1:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:3.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page