Insecure Windows Services in Symphony Plus
CVE-2020-24676

7.8HIGH

Key Information:

Vendor: Abb
Status: Abb Ability™ Symphony® Plus Operations; Abb Ability™ Symphony® Plus Historian
Vendor: CVE Published:; 22 December 2020

What is CVE-2020-24676?

In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.

Affected Version(s)

ABB Ability™ Symphony® Plus Historian < 3.2

ABB Ability™ Symphony® Plus Operations < 3.3 Service Pack 1

ABB Ability™ Symphony® Plus Operations < 2.1 SP2 Rollup 2

References

https://search.abb.com/library/Download.aspx?DocumentID=2...

x_refsource_MISC

https://search.abb.com/library/Download.aspx?DocumentID=2...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 22, 2020
Vulnerability Reserved
Aug 26, 2020

Abb

What is CVE-2020-24676?

Affected Version(s)

References

CVSS V3.1

Timeline