CVE-2020-24674— Improper Authorization in Symphony Plus

CVSS 8.8 · High EPSS 4.18% · P89 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-24674

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Improper Authorization in Symphony Plus

Source: NVD (National Vulnerability Database)

Vulnerability Description

In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

授权机制不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

ABB Symphony Plus Operations 和 ABB Symphony Plus Historian 授权问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ABB Symphony Plus Operations和ABB Symphony Plus Historian都是瑞士ABB公司的产品。ABB Symphony Plus Operations是一个用于工业环境中为提高运营效率的管理设备。该设备提供易于使用的人机界面，无缝集成所有工厂设备和使用行业标准协议和技术的子系统，并提供警报管理、流程优化等功能。ABB Symphony Plus Historian是一个用于可视化查看管理工业设备历史信息的设备。 ABB Symphony Plus Operati

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
ABB	ABB Ability™ Symphony® Plus Operations	unspecified ~ 3.3 Service Pack 1	-
ABB	ABB Ability™ Symphony® Plus Historian	unspecified ~ 3.2	-

II. Public POCs for CVE-2020-24674

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-24674

请登录查看更多情报信息。

Same Patch Batch · ABB · 2020-12-22 · 9 CVEs total

CVE-2020-24675	9.8 CRITICAL	Weak Authentication in Symphony Plus
CVE-2020-24673	9.8 CRITICAL	SQL Injection in Symphony Plus
CVE-2020-24683	9.8 CRITICAL	Authentication Bypass in Symphony Plus
CVE-2020-24677	8.8 HIGH	Insecure Web Service in Symphony Plus
CVE-2020-24678	8.8 HIGH	Potential Privilege Escalation in Symphony Plus
CVE-2020-24676	7.8 HIGH	Insecure Windows Services in Symphony Plus
CVE-2020-24679	7.5 HIGH	Denial of Service attack on Symphony Plus
CVE-2020-24680	7.0 HIGH	Improper Credential Storage in Symphony Plus

IV. Related Vulnerabilities

Same product: ABB Ability™ Symphony® Plus Operations

Same vendor: ABB

Same weakness: CWE-285

V. Comments for CVE-2020-24674

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-24674— Improper Authorization in Symphony Plus

I. Basic Information for CVE-2020-24674

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-24674

III. Intelligence Information for CVE-2020-24674

Same Patch Batch · ABB · 2020-12-22 · 9 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-24674

Leave a comment