OpenCVE

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Abb	Symphony \+ Historian Symphony \+ Operations

Configuration 1 [-]

OR	cpe:2.3:a:abb:symphony_\+_historian:3.0:::::::*
	cpe:2.3:a:abb:symphony_\+_historian:3.1:::::::*
	cpe:2.3:a:abb:symphony_\+_operations:1.1:::::::*
	cpe:2.3:a:abb:symphony_\+_operations:2.0:::::::*
	cpe:2.3:a:abb:symphony_\+_operations:2.1:sp1::::::
	cpe:2.3:a:abb:symphony_\+_operations:2.1:sp2::::::
	cpe:2.3:a:abb:symphony_\+_operations:3.0:::::::*
	cpe:2.3:a:abb:symphony_\+_operations:3.1:::::::*
	cpe:2.3:a:abb:symphony_\+_operations:3.2:::::::*
	cpe:2.3:a:abb:symphony_\+_operations:3.3:::::::*

No data.

References

Link	Providers
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch

History

Tue, 17 Sep 2024 01:30:00 +0000

Type	Values Removed	Values Added
Title	Denial of Service attack on Symphony Plus	Denial of Service attack on Symphony Plus

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2020-12-22T21:17:12.753491Z

Updated: 2024-09-17T01:20:53.487Z

Reserved: 2020-08-26T00:00:00

Link: CVE-2020-24679

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-12-22T22:15:13.583

Modified: 2024-11-21T05:15:43.153

Link: CVE-2020-24679

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ABB Ability\u2122 Symphony\u00ae Plus Operations", "vendor": "ABB", "versions": [{"lessThan": "3.3 Service Pack 1", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "2.1 SP2 Rollup 2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "2.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "ABB Ability\u2122 Symphony\u00ae Plus Historian", "vendor": "ABB", "versions": [{"lessThan": "3.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-22T21:17:12", "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"tags": ["x_refsource_MISC"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch"}], "source": {"advisory": "2PAA123980, 2PAA123982", "discovery": "INTERNAL"}, "title": "Denial of Service attack on Symphony Plus", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@ch.abb.com", "DATE_PUBLIC": "2020-12-15T13:10:00.000Z", "ID": "CVE-2020-24679", "STATE": "PUBLIC", "TITLE": "Denial of Service attack on Symphony Plus"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ABB Ability\u2122 Symphony\u00ae Plus Operations", "version": {"version_data": [{"version_affected": "<", "version_value": "3.3 Service Pack 1"}, {"version_affected": "<", "version_value": "2.1 SP2 Rollup 2"}, {"version_affected": "<", "version_value": "2.2"}]}}, {"product_name": "ABB Ability\u2122 Symphony\u00ae Plus Historian", "version": {"version_data": [{"version_affected": "<", "version_value": "3.2"}]}}]}, "vendor_name": "ABB"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource": "MISC", "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource": "MISC", "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch"}]}, "source": {"advisory": "2PAA123980, 2PAA123982", "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:19:09.203Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch"}]}]}, "cveMetadata": {"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "assignerShortName": "ABB", "cveId": "CVE-2020-24679", "datePublished": "2020-12-22T21:17:12.753491Z", "dateReserved": "2020-08-26T00:00:00", "dateUpdated": "2024-09-17T01:20:53.487Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abb:symphony_\\+_historian:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DAAEE275-0C2C-4D15-B0CB-B51706015769", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_historian:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8A89B5F4-5BE7-4B0E-9ADF-46630017221C", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "21FB4D84-598C-486D-9A16-F24AEAA8B2A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "96371CD8-6C8A-459E-9A7E-34694B9F648E", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:2.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "5D3E3D88-6544-459D-A5F3-AFB682FF8462", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:2.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "ED64EBDB-B30B-49ED-88C9-7FC2B092FEA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A6281EC9-5771-4B95-B18C-C11A0EABDA25", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3B553708-205B-4B87-BFE9-1570C1AAE06F", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C8D38257-9207-4AED-818F-EA6E09393491", "vulnerable": true}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "7EBFA7A6-0EF8-46FC-B92F-AF448531B997", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted."}, {"lang": "es", "value": "Un servicio S+ Operations y S+ Historian, est\u00e1 sujeto a una DoS mediante mensajes especiales dise\u00f1ados. Un atacante podr\u00eda usar este fallo para hacer que se bloquee o incluso ejecutar c\u00f3digo arbitrario en la m\u00e1quina donde est\u00e1 alojado el servicio"}], "id": "CVE-2020-24679", "lastModified": "2024-11-21T05:15:43.153", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-22T22:15:13.583", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "cybersecurity@ch.abb.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}