Lucene search
ABBCVELIST:CVE-2020-24679HistoryDec 22, 2020 - 9:17 p.m.
CVE-2020-24679 Denial of Service attack on Symphony Plus
2020-12-2221:17:12
CWE-20
ABB
www.cve.org
5
cve-2020-24679
denial of service
symphony plus
special crafted messages
arbitrary code
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
9.7
Confidence
High
EPSS
0.008
Percentile
81.8%
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.
CNA Affected
[
{
"product": "ABB Ability™ Symphony® Plus Operations",
"vendor": "ABB",
"versions": [
{
"lessThan": "3.3 Service Pack 1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "2.1 SP2 Rollup 2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "ABB Ability™ Symphony® Plus Historian",
"vendor": "ABB",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
prion
prion
Code injection
2020-12-22 22:15:00
nvd
nvd
CVE-2020-24679
2020-12-22 22:15:13
cve
cve
CVE-2020-24679
2020-12-22 22:15:13
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
9.7
Confidence
High
EPSS
0.008
Percentile
81.8%
Related for CVELIST:CVE-2020-24679