CVE-2020-24676
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/12/2020
Last modified:
14/09/2021
Description
In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:abb:symphony_\+_historian:3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_historian:3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:2.1:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:2.1:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:abb:symphony_\+_operations:3.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page