CVE-2020-24674

{"id": "CVE-2020-24674", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-12-22T22:15:13.147", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Mitigation", "Vendor Advisory"], "source": "cybersecurity@ch.abb.com"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Mitigation", "Vendor Advisory"], "source": "cybersecurity@ch.abb.com"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines."}, {"lang": "es", "value": "En S+ Operations y S+ Historian, no todos los comandos del cliente comprueban correctamente los permisos del usuario como se esperaba. Los usuarios remotos autenticados pero no autorizados podr\u00edan ejecutar un ataque de denegaci\u00f3n de servicio (DoS), ejecutar c\u00f3digo arbitrario u obtener m\u00e1s privilegios de los previstos en las m\u00e1quinas"}], "lastModified": "2024-11-21T05:15:41.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:abb:symphony_\\+_historian:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAAEE275-0C2C-4D15-B0CB-B51706015769"}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_historian:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A89B5F4-5BE7-4B0E-9ADF-46630017221C"}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21FB4D84-598C-486D-9A16-F24AEAA8B2A5"}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96371CD8-6C8A-459E-9A7E-34694B9F648E"}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:2.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D3E3D88-6544-459D-A5F3-AFB682FF8462"}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:2.1:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED64EBDB-B30B-49ED-88C9-7FC2B092FEA3"}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6281EC9-5771-4B95-B18C-C11A0EABDA25"}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B553708-205B-4B87-BFE9-1570C1AAE06F"}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8D38257-9207-4AED-818F-EA6E09393491"}, {"criteria": "cpe:2.3:a:abb:symphony_\\+_operations:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EBFA7A6-0EF8-46FC-B92F-AF448531B997"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@ch.abb.com"}