// For flags

CVE-2020-24674

Improper Authorization in Symphony Plus

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines.

En S+ Operations y S+ Historian, no todos los comandos del cliente comprueban correctamente los permisos del usuario como se esperaba. Los usuarios remotos autenticados pero no autorizados podrían ejecutar un ataque de denegación de servicio (DoS), ejecutar código arbitrario u obtener más privilegios de los previstos en las máquinas

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-08-26 CVE Reserved
  • 2020-12-22 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-10-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-285: Improper Authorization
  • CWE-863: Incorrect Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Abb
Search vendor "Abb"
 Symphony \+ Historian
Search vendor "Abb" for product "Symphony \+ Historian"
 3.0
Search vendor "Abb" for product "Symphony \+ Historian" and version "3.0"
-
Affected
Abb
Search vendor "Abb"
 Symphony \+ Historian
Search vendor "Abb" for product "Symphony \+ Historian"
 3.1
Search vendor "Abb" for product "Symphony \+ Historian" and version "3.1"
-
Affected
Abb
Search vendor "Abb"
 Symphony \+ Operations
Search vendor "Abb" for product "Symphony \+ Operations"
 1.1
Search vendor "Abb" for product "Symphony \+ Operations" and version "1.1"
-
Affected
Abb
Search vendor "Abb"
 Symphony \+ Operations
Search vendor "Abb" for product "Symphony \+ Operations"
 2.0
Search vendor "Abb" for product "Symphony \+ Operations" and version "2.0"
-
Affected
Abb
Search vendor "Abb"
 Symphony \+ Operations
Search vendor "Abb" for product "Symphony \+ Operations"
 2.1
Search vendor "Abb" for product "Symphony \+ Operations" and version "2.1"
sp1
Affected
Abb
Search vendor "Abb"
 Symphony \+ Operations
Search vendor "Abb" for product "Symphony \+ Operations"
 2.1
Search vendor "Abb" for product "Symphony \+ Operations" and version "2.1"
sp2
Affected
Abb
Search vendor "Abb"
 Symphony \+ Operations
Search vendor "Abb" for product "Symphony \+ Operations"
 3.0
Search vendor "Abb" for product "Symphony \+ Operations" and version "3.0"
-
Affected
Abb
Search vendor "Abb"
 Symphony \+ Operations
Search vendor "Abb" for product "Symphony \+ Operations"
 3.1
Search vendor "Abb" for product "Symphony \+ Operations" and version "3.1"
-
Affected
Abb
Search vendor "Abb"
 Symphony \+ Operations
Search vendor "Abb" for product "Symphony \+ Operations"
 3.2
Search vendor "Abb" for product "Symphony \+ Operations" and version "3.2"
-
Affected
Abb
Search vendor "Abb"
 Symphony \+ Operations
Search vendor "Abb" for product "Symphony \+ Operations"
 3.3
Search vendor "Abb" for product "Symphony \+ Operations" and version "3.3"
-
Affected