CVE-2020-24679
HIGHABB Symphony+ Historian and Operations - Denial of Service and Remote Code Execution via Crafted Messages
Title source: llmDescription
A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.
References (2)
Core 2
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch
Mitigation, Vendor Advisory x_refsource_misc
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch
Scores
CVSS v3
7.5
EPSS
0.0076
EPSS Percentile
73.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (9)
abb/symphony_\+_historian
3.0
abb/symphony_\+_historian
3.1
abb/symphony_\+_operations
1.1
abb/symphony_\+_operations
2.0
abb/symphony_\+_operations
2.1 sp1 (2 CPE variants)
abb/symphony_\+_operations
3.0
abb/symphony_\+_operations
3.1
abb/symphony_\+_operations
3.2
abb/symphony_\+_operations
3.3
Published
Dec 22, 2020
Tracked Since
Feb 18, 2026