CVE-2020-24679

Denial of Service attack on Symphony Plus

CVSS 7.5 HIGHEPSS 1.7%CWE-20

In short

Symphony Plus services can be crashed or compromised by sending specially crafted messages over the network. This allows attackers to disrupt operations or potentially take control of the affected system.

Technical detail

CWE-20 input validation flaw in S+ Operations and S+ Historian services allows remote attackers to trigger denial of service or arbitrary code execution via malformed messages without requiring authentication or special privileges.

Summary generated and translated by AI from the official description.

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

ABB · ABB Ability™ Symphony® Plus Historian ABB · ABB Ability™ Symphony® Plus Operations

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch