CVE-2020-24677

Опубликовано: 22 дек. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.

Ссылки

https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
Mitigation
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch
Mitigation
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
Mitigation
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:abb:symphony_\+_historian:3.0:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_historian:3.1:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:1.1:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:2.0:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:2.1:sp1:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:2.1:sp2:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:3.0:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:3.1:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:3.2:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01137

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-754

Связанные уязвимости

GHSA-fcfx-pc78-jw2m

github

больше 3 лет назад