7.5

CVE-2024-0335

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst).


This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.

Data is provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)

| Vendor | Product | Default status | Version | Version | Status |
|---|---|---|---|---|---|
| abb | symphony_plus_s\+_operations | unknown | <= 3.3_sp1_ru4 | 3.3 | affected |
| abb | symphony_plus_s\+_operations | unknown | <= 2.1_sp2_ru3 | 2.1 | affected |
| abb | symphony_plus_s\+_operations | unknown | <= 2.0_sp6_tc6 | 2.0 | affected |
| abb | symphony_plus_s\+_engineering | unknown | <= 2.3_ru3 | 2.1 | affected |
| abb | symphony_plus_s\+_analyst | unknown | <= 7.2.0.2 | 7.0.0.0 | affected |

No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.525 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cybersecurity@ch.abb.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.