CVE-2020-24683

Опубликовано: 22 дек. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.

Ссылки

https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
Mitigation
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:abb:symphony_\+_historian:3.0:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_historian:3.1:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:1.1:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:2.0:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:2.1:sp1:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:2.1:sp2:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:3.0:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:3.1:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:3.2:*:*:*:*:*:*:*

cpe:2.3:a:abb:symphony_\+_operations:3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00454

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-305

CWE-669

Связанные уязвимости

GHSA-r3q7-7pwq-hqq8

github

больше 3 лет назад