// For flags

CVE-2024-0335

Malformed Packet Handling

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may
be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)

This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.

ABB ha identificado internamente una vulnerabilidad en la funciĆ³n ABB VPNI del componente S+ Control API que puede ser utilizada por varios productos Symphony Plus (por ejemplo, S+ Operations, S+ Engineering y S+ Analyst). Este problema afecta a Symphony Plus S+ Operations: desde 3.. 0;0 a 3.3 SP1 RU4, de 2.1;0 a 2.1 SP2 RU3, de 2.0;0 a 2.0 SP6 TC6; Symphony Plus S+ Engineering: de 2.1 a 2.3 RU3; Symphony Plus S+ Analyst: desde 7.0.0.0 hasta 7.2.0.2.

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may
be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)


This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-01-09 CVE Reserved
  • 2024-04-03 CVE Published
  • 2024-04-04 EPSS Updated
  • 2024-09-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-23: Relative Path Traversal
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
ABB
Search vendor "ABB"
Symphony Plus S+ Analyst
Search vendor "ABB" for product "Symphony Plus S+ Analyst"
>= 7.0.0.0 <= 7.2.0.2
Search vendor "ABB" for product "Symphony Plus S+ Analyst" and version " >= 7.0.0.0 <= 7.2.0.2"
en
Affected