{"cve":{"cve_id":"CVE-2020-24676","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00411,"epss_percentile":0.32669,"epss_as_of":"2026-06-23","description":"In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.","published_at":"2020-12-22T21:15:22.929000Z","last_modified_at":null,"cvss_v3_score":7.8,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-274"],"nvd_references":["https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch","https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:13:52.059594Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"abb","vendor_name":"ABB","product_slug":"abb-ability-symphony-plus-historian","product_name":"ABB Ability™ Symphony® Plus Historian","version_start":"unspecified","version_start_inclusive":true,"version_end":"3.2","version_end_inclusive":false,"cpe23_uri":"cve5:abb:abb-ability-symphony-plus-historian:unspecified:3.2"},{"vendor_slug":"abb","vendor_name":"ABB","product_slug":"abb-ability-symphony-plus-operations","product_name":"ABB Ability™ Symphony® Plus Operations","version_start":"unspecified","version_start_inclusive":true,"version_end":"3.3 Service Pack 1","version_end_inclusive":false,"cpe23_uri":"cve5:abb:abb-ability-symphony-plus-operations:unspecified:3.3 Service Pack 1"},{"vendor_slug":"abb","vendor_name":"ABB","product_slug":"abb-ability-symphony-plus-operations","product_name":"ABB Ability™ Symphony® Plus Operations","version_start":"unspecified","version_start_inclusive":true,"version_end":"2.1 SP2 Rollup 2","version_end_inclusive":false,"cpe23_uri":"cve5:abb:abb-ability-symphony-plus-operations:unspecified:2.1 SP2 Rollup 2"},{"vendor_slug":"abb","vendor_name":"ABB","product_slug":"abb-ability-symphony-plus-operations","product_name":"ABB Ability™ Symphony® Plus Operations","version_start":"unspecified","version_start_inclusive":true,"version_end":"2.2","version_end_inclusive":false,"cpe23_uri":"cve5:abb:abb-ability-symphony-plus-operations:unspecified:2.2"}],"exploit_refs":[],"news":[],"references":[{"url":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA123980&LanguageCode=en&DocumentPartId=&Action=Launch","source_type":"MISC","tags":[]},{"url":"https://search.abb.com/library/Download.aspx?DocumentID=2PAA123982&LanguageCode=en&DocumentPartId=&Action=Launch","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2020-12-22T21:15:22.929000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:03:17.285518Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:03:17.285518Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:03:17.285518Z","label":"CVSS score revised","source":"cvelistv5"}]}