CVE-2020-24676: Insecure Windows Services in Symphony Plus
First published: Tue Dec 22 2020(Updated: )
In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.
Credit: cybersecurity@ch.abb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Abb Symphony \+ Historian | =3.0 | |
| Abb Symphony \+ Historian | =3.1 | |
| Abb Symphony \+ Operations | =1.1 | |
| Abb Symphony \+ Operations | =2.0 | |
| Abb Symphony \+ Operations | =2.1-sp1 | |
| Abb Symphony \+ Operations | =2.1-sp2 | |
| Abb Symphony \+ Operations | =3.0 | |
| Abb Symphony \+ Operations | =3.1 | |
| Abb Symphony \+ Operations | =3.2 | |
| Abb Symphony \+ Operations | =3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/abb
- canonical/abb symphony \+ historian
- version/abb symphony \+ historian/3.0
- version/abb symphony \+ historian/3.1
- canonical/abb symphony \+ operations
- version/abb symphony \+ operations/1.1
- version/abb symphony \+ operations/2.0
- version/abb symphony \+ operations/2.1-sp1
- version/abb symphony \+ operations/2.1-sp2
- version/abb symphony \+ operations/3.0
- version/abb symphony \+ operations/3.1
- version/abb symphony \+ operations/3.2
- version/abb symphony \+ operations/3.3