CVE-2020-24679 – CVE-2020-24679 is a vulnerability in ABB's S+ O... (How to Fix)

Q: What is the severity of CVE-2020-24679?

CVE-2020-24679 has a CVSS score of 7.5 (HIGH). CVE-2020-24679 is a vulnerability in ABB's S+ Operations and S+ Historian services where specially crafted messages can cause denial of service or potentially arbitrary code execution. This affects industrial control systems using these ABB products, potentially allowing attackers to disrupt operations or gain control of affected systems.

📋 TL;DR

CVE-2020-24679 is a vulnerability in ABB's S+ Operations and S+ Historian services where specially crafted messages can cause denial of service or potentially arbitrary code execution. This affects industrial control systems using these ABB products, potentially allowing attackers to disrupt operations or gain control of affected systems.

💻 Affected Systems

Products:

ABB S+ Operations
ABB S+ Historian

Versions: Specific versions not detailed in references, but all unpatched versions are likely affected

Operating Systems: Windows (typical for industrial control systems)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the service components of these industrial control system products. Exact version ranges should be verified with vendor documentation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, operational disruption, and potential safety impacts in industrial environments.

🟠

Likely Case

Service crashes causing denial of service and operational downtime in affected industrial systems.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring, potentially only causing temporary service interruptions.

🌐 Internet-Facing: HIGH - If exposed to untrusted networks, attackers can send crafted messages without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this, but requires network access to the service.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting specific messages to the service, but no authentication is needed if network access is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available via vendor advisories

Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch

Restart Required: Yes

Instructions:

1. Download patches from ABB advisory links. 2. Apply patches following vendor instructions. 3. Restart affected services. 4. Verify patch application.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to S+ Operations and Historian services to only trusted systems

Firewall Rules

all

Implement strict firewall rules to limit which systems can communicate with vulnerable services

🧯 If You Can't Patch

Implement strict network segmentation and access controls
Deploy intrusion detection systems to monitor for crafted message patterns

🔍 How to Verify

Check if Vulnerable:

Check if running affected ABB S+ Operations or Historian versions without patches applied

Check Version:

Check product version through ABB management interfaces or Windows Services

Verify Fix Applied:

Verify patch installation via vendor documentation and check service version after patching

📡 Detection & Monitoring

Log Indicators:

Service crash logs
Unusual connection attempts to S+ services
Error messages related to malformed messages

Network Indicators:

Unusual traffic patterns to S+ service ports
Crafted message patterns in network traffic

SIEM Query:

source="*S+*" AND (event_type="crash" OR message="*malformed*" OR message="*crafted*")

📊 Metadata

CVE ID: CVE-2020-24679

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-20

Published: December 22, 2020

Last Updated: November 21, 2024

🔗 References

https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch Mitigation,Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch Mitigation,Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch Mitigation,Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch Mitigation,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-24679, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Symphony \+ Historian by Abb

Symphony \+ Historian by Abb

Symphony \+ Operations by Abb

Symphony \+ Operations by Abb

Symphony \+ Operations by Abb

Symphony \+ Operations by Abb

Symphony \+ Operations by Abb

Symphony \+ Operations by Abb

Symphony \+ Operations by Abb

Symphony \+ Operations by Abb

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Firewall Rules

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities