What is CVE-2020-24680?

CVE-2020-24680 is a vulnerability in ABB Symphony+ Operations and Symphony+ Historian where the passwords of internal users are improperly stored in a database.

What is the severity of CVE-2020-24680?

CVE-2020-24680 has a severity level of high.

Which software versions are affected by CVE-2020-24680?

CVE-2020-24680 affects ABB Symphony+ Historian versions 3.0 and 3.1, as well as ABB Symphony+ Operations versions 1.1, 2.0, 2.1-sp1, 2.1-sp2, 3.0, 3.1, 3.2, and 3.3.

How are the passwords of internal users stored in ABB Symphony+ Operations and Symphony+ Historian?

The passwords of internal users in ABB Symphony+ Operations and Symphony+ Historian are encrypted but improperly stored in a database.

Is there a fix available for CVE-2020-24680?

Yes, ABB has provided patches and specific hardening measures to address the vulnerability. Please refer to the provided references for more information.

Vulnerability/
CVE-2020-24680

high

CWE

522 255

22/12/2020

17/9/2024

CVE-2020-24680: Improper Credential Storage in Symphony Plus

First published: Tue Dec 22 2020(Updated: )

In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database.

Credit: cybersecurity@ch.abb.com

Affected Software	Affected Version	How to fix
Abb Symphony \+ Historian	=3.0
Abb Symphony \+ Historian	=3.1
Abb Symphony \+ Operations	=1.1
Abb Symphony \+ Operations	=2.0
Abb Symphony \+ Operations	=2.1-sp1
Abb Symphony \+ Operations	=2.1-sp2
Abb Symphony \+ Operations	=3.0
Abb Symphony \+ Operations	=3.1
Abb Symphony \+ Operations	=3.2
Abb Symphony \+ Operations	=3.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-24680?
CVE-2020-24680 is a vulnerability in ABB Symphony+ Operations and Symphony+ Historian where the passwords of internal users are improperly stored in a database.
What is the severity of CVE-2020-24680?
CVE-2020-24680 has a severity level of high.
Which software versions are affected by CVE-2020-24680?
CVE-2020-24680 affects ABB Symphony+ Historian versions 3.0 and 3.1, as well as ABB Symphony+ Operations versions 1.1, 2.0, 2.1-sp1, 2.1-sp2, 3.0, 3.1, 3.2, and 3.3.
How are the passwords of internal users stored in ABB Symphony+ Operations and Symphony+ Historian?
The passwords of internal users in ABB Symphony+ Operations and Symphony+ Historian are encrypted but improperly stored in a database.
Is there a fix available for CVE-2020-24680?
Yes, ABB has provided patches and specific hardening measures to address the vulnerability. Please refer to the provided references for more information.

collector/nvd-index
agent/weakness
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/severity
agent/author
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/abb
canonical/abb symphony \+ historian
version/abb symphony \+ historian/3.0
version/abb symphony \+ historian/3.1
canonical/abb symphony \+ operations
version/abb symphony \+ operations/1.1
version/abb symphony \+ operations/2.0
version/abb symphony \+ operations/2.1-sp1
version/abb symphony \+ operations/2.1-sp2
version/abb symphony \+ operations/3.0
version/abb symphony \+ operations/3.1
version/abb symphony \+ operations/3.2
version/abb symphony \+ operations/3.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.