CVE-2020-24675 : What You Need to Know

Learn about CVE-2020-24675 affecting ABB's Symphony Plus products. Discover the impact, affected systems, and mitigation steps to secure your environment.

In S+ Operations and S+ History, an unauthenticated user could inject values to the Operations History server, potentially impacting the controlled process.

Understanding CVE-2020-24675

This CVE involves weak authentication in ABB's Symphony Plus products.

What is CVE-2020-24675?

The vulnerability allows an unauthenticated user to inject values into the Operations History server, which can affect the controlled process.

The Impact of CVE-2020-24675

        CVSS Base Score: 9.8 (Critical)
        Attack Vector: Network
        Confidentiality Impact: High
        Integrity Impact: High
        Availability Impact: High

Technical Details of CVE-2020-24675

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The issue stems from weak authentication mechanisms, enabling unauthorized injection of values into the Operations History server.

Affected Systems and Versions

        ABB Ability™ Symphony® Plus Operations: < 3.3 Service Pack 1, < 2.1 SP2 Rollup 2, < 2.2
        ABB Ability™ Symphony® Plus Historian: < 3.2

Exploitation Mechanism

An unauthenticated user can exploit the vulnerability over the network by injecting values into the Operations History server.

Mitigation and Prevention

Protect your systems from CVE-2020-24675 with these strategies.

Immediate Steps to Take

        Apply vendor-supplied patches promptly.
        Implement strong authentication mechanisms.
        Monitor and restrict access to critical systems.

Long-Term Security Practices

        Regularly update and patch software.
        Conduct security assessments and audits.
        Educate users on secure practices.

Patching and Updates

Ensure timely installation of security patches and updates to mitigate the vulnerability.
