The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application.
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Symphony_+_historian | Abb | 3.0 (including) | 3.0 (including) |
| Symphony_+_historian | Abb | 3.1 (including) | 3.1 (including) |
| Symphony_+_operations | Abb | 1.1 (including) | 1.1 (including) |
| Symphony_+_operations | Abb | 2.0 (including) | 2.0 (including) |
| Symphony_+_operations | Abb | 2.1-sp1 (including) | 2.1-sp1 (including) |
| Symphony_+_operations | Abb | 2.1-sp2 (including) | 2.1-sp2 (including) |
| Symphony_+_operations | Abb | 3.0 (including) | 3.0 (including) |
| Symphony_+_operations | Abb | 3.1 (including) | 3.1 (including) |
| Symphony_+_operations | Abb | 3.2 (including) | 3.2 (including) |
| Symphony_+_operations | Abb | 3.3 (including) | 3.3 (including) |