CVE-2020-24679 HIGH

CVE-2020-24679: Denial of Service attack on Symphony Plus

Vendor Abb

Product ABB Ability™ Symphony® Plus Operations

Weakness CWE-20 · Input validation

Published December 22, 2020

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.

Key dates

02Disclosure timeline

December 22, 2020 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-24679

Related vulnerabilities

Identifiers

CVE CVE-2020-24679

CWE CWE-20

CVSS 7.5 / HIGH

Affected versions

Vendor Abb

Product ABB Ability™ Symphony® Plus Operations

Affected ≥ unspecified and < 3.3 Service Pack 1

Vendor Abb

Product ABB Ability™ Symphony® Plus Operations

Affected ≥ unspecified and < 2.1 SP2 Rollup 2

Vendor Abb

Product ABB Ability™ Symphony® Plus Operations

Affected ≥ unspecified and < 2.2

Vendor Abb

Product ABB Ability™ Symphony® Plus Historian

Affected ≥ unspecified and < 3.2

CVE-2020-24679: Denial of Service attack on Symphony Plus

01Description

02Disclosure timeline

03References

04Related CVE