CVE-2020-24673

Опубликовано: 22 дек. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability.

Ссылки

https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
Mitigation
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch
Mitigation
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
Mitigation
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:abb:symphony_\+_historian:3.0:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_historian:3.1:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:1.1:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:2.0:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:2.1:sp1:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:2.1:sp2:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:3.0:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:3.1:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:3.2:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00405

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-vmcm-jg37-m6m9

github

больше 3 лет назад