Vulnerability Details CVE-2020-24683
The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-24683
-
cpe:2.3:a:abb:symphony_+_historian:3.0
-
cpe:2.3:a:abb:symphony_+_historian:3.1
-
cpe:2.3:a:abb:symphony_+_operations:1.1
-
cpe:2.3:a:abb:symphony_+_operations:2.0
-
cpe:2.3:a:abb:symphony_+_operations:2.1
-
cpe:2.3:a:abb:symphony_+_operations:3.0
-
cpe:2.3:a:abb:symphony_+_operations:3.1
-
cpe:2.3:a:abb:symphony_+_operations:3.2
-
cpe:2.3:a:abb:symphony_+_operations:3.3