ID

VAR-202012-0322


CVE

CVE-2020-24677


TITLE

S+ Operations and S+ Historian web applications Vulnerability in checking for exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-014752

DESCRIPTION

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to possible code execution and privilege escalation, redirection of the user to another location, or download of unwanted data. Both ABB Symphony Plus Operations and ABB Symphony Plus Historian are products of ABB, Switzerland. ABB Symphony Plus Operations is a management device used in industrial environments to improve operational efficiency. The device provides an easy-to-use human-machine interface, seamlessly integrates all plant equipment and subsystems using industry-standard protocols and technologies, and provides functions such as alarm management, process optimization, and more. ABB Symphony Plus Historian is a device for visually viewing and managing historical information of industrial equipment.

Trust: 1.71

sources: NVD: CVE-2020-24677 // JVNDB: JVNDB-2020-014752 // VULHUB: VHN-178579

AFFECTED PRODUCTS

vendor: abb, model: symphony + operations, scope: eq, version: 2.0

Trust: 1.0

vendor: abb, model: symphony + operations, scope: eq, version: 3.0

Trust: 1.0

vendor: abb, model: symphony + historian, scope: eq, version: 3.1

Trust: 1.0

vendor: abb, model: symphony + operations, scope: eq, version: 2.1

Trust: 1.0

vendor: abb, model: symphony + operations, scope: eq, version: 3.3

Trust: 1.0

vendor: abb, model: symphony + operations, scope: eq, version: 1.1

Trust: 1.0

vendor: abb, model: symphony + operations, scope: eq, version: 3.2

Trust: 1.0

vendor: abb, model: symphony + historian, scope: eq, version: 3.0

Trust: 1.0

vendor: abb, model: symphony + operations, scope: eq, version: 3.1

Trust: 1.0

vendor: abb, model: symphony plus historian, scope: -, version: -

Trust: 0.8

vendor: abb, model: symphony plus operations, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014752 // NVD: CVE-2020-24677

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-24677
value: HIGH

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-24677
value: HIGH

Trust: 1.0

NVD: CVE-2020-24677
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202012-1464
value: HIGH

Trust: 0.6

VULHUB: VHN-178579
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-24677
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-178579
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-24677
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-014752
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-178579 // JVNDB: JVNDB-2020-014752 // CNNVD: CNNVD-202012-1464 // NVD: CVE-2020-24677 // NVD: CVE-2020-24677

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.1

problemtype: Improper checking in exceptional conditions (CWE-754) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-178579 // JVNDB: JVNDB-2020-014752 // NVD: CVE-2020-24677

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1464

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202012-1464

PATCH

title: Vulnerability ID
url: https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: ABB Symphony Plus Operations and ABB Symphony Plus Historian Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137809

Trust: 0.6

sources: JVNDB: JVNDB-2020-014752 // CNNVD: CNNVD-202012-1464

EXTERNAL IDS

db: NVD, id: CVE-2020-24677

Trust: 2.5

db: JVNDB, id: JVNDB-2020-014752

Trust: 0.8

db: CNNVD, id: CNNVD-202012-1464

Trust: 0.7

db: VULHUB, id: VHN-178579

Trust: 0.1

sources: VULHUB: VHN-178579 // JVNDB: JVNDB-2020-014752 // CNNVD: CNNVD-202012-1464 // NVD: CVE-2020-24677

REFERENCES

url:https://search.abb.com/library/download.aspx?documentid=2paa123980&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://search.abb.com/library/download.aspx?documentid=2paa123982&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-24677

Trust: 1.4

url:https://search.abb.com/library/download.aspx?documentid=2paa123980&languagecode=en&documentpartid=&action=launch

Trust: 0.1

url:https://search.abb.com/library/download.aspx?documentid=2paa123982&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: VULHUB: VHN-178579 // JVNDB: JVNDB-2020-014752 // CNNVD: CNNVD-202012-1464 // NVD: CVE-2020-24677

SOURCES

db: VULHUB, id: VHN-178579
db: JVNDB, id: JVNDB-2020-014752
db: CNNVD, id: CNNVD-202012-1464
db: NVD, id: CVE-2020-24677

LAST UPDATE DATE

2024-11-23T23:07:46.279000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-178579, date: 2021-10-07T00:00:00
db: JVNDB, id: JVNDB-2020-014752, date: 2021-08-30T08:30:00
db: CNNVD, id: CNNVD-202012-1464, date: 2020-12-24T00:00:00
db: NVD, id: CVE-2020-24677, date: 2024-11-21T05:15:42.347

SOURCES RELEASE DATE

db: VULHUB, id: VHN-178579, date: 2020-12-22T00:00:00
db: JVNDB, id: JVNDB-2020-014752, date: 2021-08-30T00:00:00
db: CNNVD, id: CNNVD-202012-1464, date: 2020-12-22T00:00:00
db: NVD, id: CVE-2020-24677, date: 2020-12-22T22:15:13.413