CVE-2020-24680 HIGH

CVE-2020-24680: Improper Credential Storage in Symphony Plus

Vendor Abb
Product ABB Ability™ Symphony® Plus Operations
Weakness CWE-255
Published December 22, 2020
Last update September 17, 2024

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.

Key dates

02Disclosure timeline

December 22, 2020 CVE published
September 17, 2024 Record updated