10
CVE-2020-24679
- EPSS 0.76%
- Veröffentlicht 22.12.2020 22:15:13
- Zuletzt bearbeitet 21.11.2024 05:15:43
- Quelle cybersecurity@ch.abb.com
- Teams Watchlist Login
- Unerledigt Login
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Abb ≫ Symphony + Historian Version3.0
Abb ≫ Symphony + Historian Version3.1
Abb ≫ Symphony + Operations Version1.1
Abb ≫ Symphony + Operations Version2.0
Abb ≫ Symphony + Operations Version2.1 Updatesp1
Abb ≫ Symphony + Operations Version2.1 Updatesp2
Abb ≫ Symphony + Operations Version3.0
Abb ≫ Symphony + Operations Version3.1
Abb ≫ Symphony + Operations Version3.2
Abb ≫ Symphony + Operations Version3.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.711 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| cybersecurity@ch.abb.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.