Abb Symphony Historian
By the Year
In 2024 there have been 0 vulnerabilities in Abb Symphony Historian . Symphony Historian did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 9 | 8.93 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Symphony Historian vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Abb Symphony Historian Security Vulnerabilities
In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks
CVE-2020-24676
7.8 - High
- December 22, 2020
In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication
CVE-2020-24683
9.8 - Critical
- December 22, 2020
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.
Incorrect Resource Transfer Between Spheres
In S+ Operations and S+ Historian
CVE-2020-24680
7 - High
- December 22, 2020
In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.
Insufficiently Protected Credentials
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages
CVE-2020-24679
9.8 - Critical
- December 22, 2020
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.
Improper Input Validation
An authenticated user might execute malicious code under the user context and take control of the system
CVE-2020-24678
8.8 - High
- December 22, 2020
An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges.
Vulnerabilities in the S+ Operations and S+ Historian web applications
CVE-2020-24677
8.8 - High
- December 22, 2020
Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.
Improper Check for Unusual or Exceptional Conditions
In S+ Operations and S+ History, it is possible
CVE-2020-24675
9.8 - Critical
- December 22, 2020
In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process.
authentification
In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected
CVE-2020-24674
8.8 - High
- December 22, 2020
In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines.
AuthZ
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data
CVE-2020-24673
9.8 - Critical
- December 22, 2020
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability.
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Abb Symphony Operations or by Abb? Click the Watch button to subscribe.