Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Symphony plus historian'
2020-12-22
CVE-2020-24683
CWE-669
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.
CVE-2020-24680
CWE-522
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.
CVE-2020-24679
CWE-20
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.
CVE-2020-24678
CWE-269
An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges.
CVE-2020-24677
CWE-754
Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.
CVE-2020-24675
CWE-287
In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process.
CVE-2020-24674
CWE-863
In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines.
CVE-2020-24673
CWE-89
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability.
>>>
Vendor:
ABB
65
Products
Pcu400
Interlink module
Irc5 opc server
Pc sdk
Pickmaster 3
Pickmaster 5
Robot communications runtime
Robotstudio
Robview 5
Webware sdk
Webware server
S4 opc server
Quickteach
Robotstudio s4
Robotstudio lite
Datamanager
Test signal viewer
Panel builder 800
Pcm600
Vsn300 firmware
Vsn300 for react firmware
Fox515t firmware
Netcadops
Sys600 firmware
Srea-01 firmware
Srea-50 firmware
Ip gateway firmware
Esoms
Gate-e1 firmware
Gate-e2 firmware
Cms-770 firmware
Cp400pb firmware
Eth-fw firmware
Fw firmware
Pm554-tp-eth firmware
Cp620-web firmware
Cp620 firmware
Cp630-web firmware
Cp630 firmware
Cp635-b firmware
Cp635-web firmware
Cp635 firmware
Cp651-web firmware
Cp651 firmware
Cp661-web firmware
Cp661 firmware
Cp665-web firmware
Cp665 firmware
Cp676-web firmware
Cp676 firmware
Plant connect
Power generation information manager
Pb610 panel builder 600
Asset suite
800xa base system
800xa information manager
Device library wizard
Symphony \+ historian
Symphony \+ operations
Symphony plus historian
Symphony plus operations
Base software
Update manager
Opc server for ac 800m
Ellipse enterprise asset management
Copyright
2024
, cxsecurity.com
Back to Top