CVE-2020-24679

Description

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

ABB / ABB Ability™ Symphony® Plus Historianunspecified – 3.2
ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 3.3 Service Pack 1
ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 2.1 SP2 Rollup 2
ABB / ABB Ability™ Symphony® Plus Operationsunspecified – 2.2

References

MISChttps://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
MISChttps://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch