CVE-2020-24683
published 2020-12-22

Priority: P263
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.41% (69.3th percentile)

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.

Affected

10 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| abb | abb_ability_symphony_plus_operations | >= unspecified < 2.1 SP1 | 2.1 SP1 |
| abb | symphony_+_historian | | |
| abb | symphony_+_historian | | |
| abb | symphony_+_operations | | |
| abb | symphony_+_operations | | |
| abb | symphony_+_operations | | |
| abb | symphony_+_operations | | |
| abb | symphony_+_operations | | |
| abb | symphony_+_operations | | |
| abb | symphony_+_operations | | |

CVSS provenance

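| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |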