ID

VAR-202012-0324


CVE

CVE-2020-24679


TITLE

S+ Operations and S+ Historian service Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-014754

DESCRIPTION

An S+ Operations and S+ Historian service is subject to a DoS by specially crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted. Both ABB Symphony Plus Operations and ABB Symphony Plus Historian are products of ABB, Switzerland. ABB Symphony Plus Operations is a management device used in industrial environments to improve operational efficiency. The device provides an easy-to-use human-machine interface, seamlessly integrates all plant equipment and subsystems using industry-standard protocols and technologies, and provides functions such as alarm management, process optimization, and more. ABB Symphony Plus Historian is a device for visually viewing and managing historical information of industrial equipment.

Trust: 1.71

sources: NVD: CVE-2020-24679 // JVNDB: JVNDB-2020-014754 // VULHUB: VHN-178581

AFFECTED PRODUCTS

vendor: abb, model: symphony + operations, scope: eq, version: 2.0

Trust: 1.0

vendor: abb, model: symphony + operations, scope: eq, version: 3.0

Trust: 1.0

vendor: abb, model: symphony + historian, scope: eq, version: 3.1

Trust: 1.0

vendor: abb, model: symphony + operations, scope: eq, version: 2.1

Trust: 1.0

vendor: abb, model: symphony + operations, scope: eq, version: 3.3

Trust: 1.0

vendor: abb, model: symphony + operations, scope: eq, version: 1.1

Trust: 1.0

vendor: abb, model: symphony + operations, scope: eq, version: 3.2

Trust: 1.0

vendor: abb, model: symphony + historian, scope: eq, version: 3.0

Trust: 1.0

vendor: abb, model: symphony + operations, scope: eq, version: 3.1

Trust: 1.0

vendor: abb, model: symphony plus historian, scope: -, version: -

Trust: 0.8

vendor: abb, model: symphony plus operations, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014754 // NVD: CVE-2020-24679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-24679
value: CRITICAL

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-24679
value: HIGH

Trust: 1.0

NVD: CVE-2020-24679
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202012-1463
value: CRITICAL

Trust: 0.6

VULHUB: VHN-178581
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-24679
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-178581
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-24679
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

cybersecurity@ch.abb.com: CVE-2020-24679
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-24679
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-178581 // JVNDB: JVNDB-2020-014754 // CNNVD: CNNVD-202012-1463 // NVD: CVE-2020-24679 // NVD: CVE-2020-24679

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.1

problemtype: Incorrect input confirmation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-178581 // JVNDB: JVNDB-2020-014754 // NVD: CVE-2020-24679

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1463

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202012-1463

PATCH

title: Vulnerability ID
url: https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch

Trust: 0.8

title: ABB Symphony Plus Operations and ABB Symphony Plus Historian Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137992

Trust: 0.6

sources: JVNDB: JVNDB-2020-014754 // CNNVD: CNNVD-202012-1463

EXTERNAL IDS

db: NVD, id: CVE-2020-24679

Trust: 2.5

db: JVNDB, id: JVNDB-2020-014754

Trust: 0.8

db: CNNVD, id: CNNVD-202012-1463

Trust: 0.7

db: VULHUB, id: VHN-178581

Trust: 0.1

sources: VULHUB: VHN-178581 // JVNDB: JVNDB-2020-014754 // CNNVD: CNNVD-202012-1463 // NVD: CVE-2020-24679

REFERENCES

url:https://search.abb.com/library/download.aspx?documentid=2paa123980&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://search.abb.com/library/download.aspx?documentid=2paa123982&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-24679

Trust: 1.4

url:https://search.abb.com/library/download.aspx?documentid=2paa123980&languagecode=en&documentpartid=&action=launch

Trust: 0.1

url:https://search.abb.com/library/download.aspx?documentid=2paa123982&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: VULHUB: VHN-178581 // JVNDB: JVNDB-2020-014754 // CNNVD: CNNVD-202012-1463 // NVD: CVE-2020-24679

SOURCES

db: VULHUB, id: VHN-178581
db: JVNDB, id: JVNDB-2020-014754
db: CNNVD, id: CNNVD-202012-1463
db: NVD, id: CVE-2020-24679

LAST UPDATE DATE

2024-11-23T22:25:14.742000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-178581, date: 2021-10-07T00:00:00
db: JVNDB, id: JVNDB-2020-014754, date: 2021-08-30T08:30:00
db: CNNVD, id: CNNVD-202012-1463, date: 2020-12-24T00:00:00
db: NVD, id: CVE-2020-24679, date: 2024-11-21T05:15:43.153

SOURCES RELEASE DATE

db: VULHUB, id: VHN-178581, date: 2020-12-22T00:00:00
db: JVNDB, id: JVNDB-2020-014754, date: 2021-08-30T00:00:00
db: CNNVD, id: CNNVD-202012-1463, date: 2020-12-22T00:00:00
db: NVD, id: CVE-2020-24679, date: 2020-12-22T22:15:13.583