Description
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- ABB / ABB Ability™ Symphony® Plus Historianunspecified – 3.2
- ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 3.3 Service Pack 1
- ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 2.1 SP2 Rollup 2
- ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 2.2