CVE-2020-24679 Vulnerability Details

  /     /     /  

CVE-2020-24679 Metadata Quick Info

CVE Published: 22/12/2020 | CVE Updated: 17/09/2024 | CVE Year: 2020
Source: ABB | Vendor: ABB | Product: ABB Ability™ Symphony® Plus Operations
Status : PUBLISHED

---

CVE-2020-24679 Description

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.

Metrics

CVSS Version: 3.1 | Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* NONE
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-20
CWE Name: CWE-20 Improper Input Validation
Source: ABB

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).