CVE-2020-24674 HIGH

CVE-2020-24674: Improper Authorization in Symphony Plus

Vendor Abb
Product ABB Ability™ Symphony® Plus Operations
Weakness CWE-285
Published December 22, 2020
Last update September 16, 2024
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines.

Key dates

02Disclosure timeline

December 22, 2020 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-0027 Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports CVE-2023-34091 Kyverno resource with a deletionTimestamp may allow policy circumvention CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function CVE-2021-36029 Magento Commerce Improper Authorization Vulnerability Could Lead To Remote Code Execution CVE-2026-10218 nextlevelbuilder GoClaw evolution_handlers.go auth improper authorization