CVE-2020-24683: Authentication Bypass in Symphony Plus
First published: Tue Dec 22 2020(Updated: )
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.
Credit: cybersecurity@ch.abb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Abb Symphony \+ Historian | =3.0 | |
| Abb Symphony \+ Historian | =3.1 | |
| Abb Symphony \+ Operations | =1.1 | |
| Abb Symphony \+ Operations | =2.0 | |
| Abb Symphony \+ Operations | =2.1-sp1 | |
| Abb Symphony \+ Operations | =2.1-sp2 | |
| Abb Symphony \+ Operations | =3.0 | |
| Abb Symphony \+ Operations | =3.1 | |
| Abb Symphony \+ Operations | =3.2 | |
| Abb Symphony \+ Operations | =3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-24683?
The severity of CVE-2020-24683 is critical with a severity value of 9.8.
What software versions are affected by CVE-2020-24683?
The affected versions of software include Abb Symphony + Historian 3.0, Abb Symphony + Historian 3.1, Abb Symphony + Operations 1.1, Abb Symphony + Operations 2.0, Abb Symphony + Operations 2.1 SP1, Abb Symphony + Operations 2.1 SP2, Abb Symphony + Operations 3.0, Abb Symphony + Operations 3.1, Abb Symphony + Operations 3.2, and Abb Symphony + Operations 3.3.
What is the vulnerability description of CVE-2020-24683?
CVE-2020-24683 is a vulnerability in the user authentication approach of S+ Operations versions 2.1 SP1 and earlier, which relies on validation at the client node (client-side authentication) and is not as secure as server-side validation.
How can I fix CVE-2020-24683?
To fix CVE-2020-24683, it is recommended to update to a patched version or apply the relevant security updates provided by the software vendor.
Where can I find more information about CVE-2020-24683?
For more information about CVE-2020-24683, you can refer to the following reference: [link](https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch)
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/abb
- canonical/abb symphony \+ historian
- version/abb symphony \+ historian/3.0
- version/abb symphony \+ historian/3.1
- canonical/abb symphony \+ operations
- version/abb symphony \+ operations/1.1
- version/abb symphony \+ operations/2.0
- version/abb symphony \+ operations/2.1-sp1
- version/abb symphony \+ operations/2.1-sp2
- version/abb symphony \+ operations/3.0
- version/abb symphony \+ operations/3.1
- version/abb symphony \+ operations/3.2
- version/abb symphony \+ operations/3.3