Skip to main content

Abb CVE-2024-0335

HIGH
Relative Path Traversal (CWE-23)
2024-04-03 cybersecurity@ch.abb.com
7.5
CVSS 3.1 · Vendor: ch
Share

Severity by source

Vendor (ch) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (ch) · only source for this CVE.

CVSS VectorVendor: ch

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 03, 2024 - 19:15 cve.org
HIGH 7.5

DescriptionCVE.org

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)

This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.

AnalysisAI

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-23. ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst).0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2. Version information: through 3.3.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Abb

View all
CVE-2012-0245 CRITICAL
10.0 Mar 09

Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used

CVE-2024-6298 CRITICAL POC
9.4 Jul 05

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.

CVE-2024-6209 CRITICAL POC
9.4 Jul 05

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.

CVE-2017-17888 HIGH POC
8.8 Dec 27

cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500,

CVE-2019-7225 HIGH POC
8.8 Jun 27

The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI i

CVE-2019-7226 HIGH POC
8.8 Jun 27

The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication a

CVE-2019-7228 HIGH POC
8.8 Jun 27

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Rated high

CVE-2019-7232 HIGH POC
8.8 Jun 24

The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. Rated high

CVE-2019-7230 HIGH POC
8.8 Jun 24

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Rated high severity (

CVE-2024-4007 HIGH POC
8.7 Jul 01

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login t

CVE-2019-7229 HIGH POC
8.3 Jun 24

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilizat

CVE-2019-18997 HIGH POC
7.5 Dec 18

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work f

Share

CVE-2024-0335 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy