{"containers":{"cna":{"affected":[{"product":"ABB Ability™ Symphony® Plus Operations","vendor":"ABB","versions":[{"lessThan":"3.3 Service Pack 1","status":"affected","version":"unspecified","versionType":"custom"},{"lessThan":"2.1 SP2 Rollup 2","status":"affected","version":"unspecified","versionType":"custom"},{"lessThan":"2.2","status":"affected","version":"unspecified","versionType":"custom"}]},{"product":"ABB Ability™ Symphony® Plus Historian","vendor":"ABB","versions":[{"lessThan":"3.2","status":"affected","version":"unspecified","versionType":"custom"}]}],"datePublic":"2020-12-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-274","description":"CWE-274 Improper Handling of Insufficient Privileges","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-12-22T21:15:22.000Z","orgId":"2b718523-d88f-4f37-9bbd-300c20644bf9","shortName":"ABB"},"references":[{"tags":["x_refsource_MISC"],"url":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch"},{"tags":["x_refsource_MISC"],"url":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch"}],"source":{"advisory":"2PAA123980, 2PAA123982","discovery":"INTERNAL"},"title":"Insecure Windows Services in Symphony Plus","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cybersecurity@ch.abb.com","DATE_PUBLIC":"2020-12-15T13:10:00.000Z","ID":"CVE-2020-24676","STATE":"PUBLIC","TITLE":"Insecure Windows Services in Symphony Plus"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ABB Ability™ Symphony® Plus Operations","version":{"version_data":[{"version_affected":"<","version_value":"3.3 Service Pack 1"},{"version_affected":"<","version_value":"2.1 SP2 Rollup 2"},{"version_affected":"<","version_value":"2.2"}]}},{"product_name":"ABB Ability™ Symphony® Plus Historian","version":{"version_data":[{"version_affected":"<","version_value":"3.2"}]}}]},"vendor_name":"ABB"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-274 Improper Handling of Insufficient Privileges"}]}]},"references":{"reference_data":[{"name":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch","refsource":"MISC","url":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch"},{"name":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch","refsource":"MISC","url":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch"}]},"source":{"advisory":"2PAA123980, 2PAA123982","discovery":"INTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T15:19:09.298Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch"}]}]},"cveMetadata":{"assignerOrgId":"2b718523-d88f-4f37-9bbd-300c20644bf9","assignerShortName":"ABB","cveId":"CVE-2020-24676","datePublished":"2020-12-22T21:15:22.929Z","dateReserved":"2020-08-26T00:00:00.000Z","dateUpdated":"2024-09-16T21:57:54.934Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}