CVE-2020-24675

9.8 CRITICAL

📋 TL;DR

CVE-2020-24675 is an authentication bypass vulnerability in ABB's S+ Operations and S+ History software that allows unauthenticated attackers to inject values and write to controlled industrial processes. This affects systems running vulnerable versions of these ABB industrial control system products. The CVSS 9.8 score indicates critical severity due to the potential for remote code execution and process manipulation.

💻 Affected Systems

Products:
  • ABB S+ Operations
  • ABB S+ History
Versions: Specific versions are not detailed in the references; versions that predate the vendor patch are affected
Operating Systems: Windows-based industrial control systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both Operations History server and standalone S+ History server configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of industrial control systems leading to physical damage, production shutdown, safety system manipulation, or environmental harm through unauthorized process control.

🟠 Likely Case

Unauthorized data injection into industrial processes causing operational disruption, data integrity issues, or limited process manipulation.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent external access to vulnerable systems.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation possible if systems are exposed to internet.
🏢 Internal Only: HIGH - Even internally, unauthenticated access allows attackers with network access to compromise systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CWE-287 indicates improper authentication, which makes exploitation straightforward once the vulnerability is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available via ABB security advisories

Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch

Restart Required: Yes

Instructions:

1. Download patches from ABB security advisories
2. Apply patches to affected S+ Operations and S+ History servers
3. Restart affected services/systems
4. Verify patch application

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate S+ Operations and S+ History servers from untrusted networks

Access Control Lists (all)

Implement strict firewall rules to limit access to vulnerable servers

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy intrusion detection systems monitoring for unusual process control commands

🔍 How to Verify

Check if Vulnerable:

Check system version against ABB security advisories and verify if patches have been applied

Check Version:

Check within S+ Operations/S+ History application interface or consult ABB documentation

Verify Fix Applied:

Verify patch installation via system logs and version checks, then test authentication requirements

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to Operations History server
  • Unexpected process control commands
  • Authentication bypass attempts

Network Indicators:

  • Unusual traffic to S+ Operations/History ports from unauthorized sources
  • Process control commands from unexpected IPs

SIEM Query (generic form; authorized_ips and splus_ports are placeholders for site-specific values):

source_ip NOT IN (authorized_ips) AND dest_port IN (splus_ports) AND protocol=tcp
