PT-2024-8940 · Abb · S+ Control Api +3

Published: 2024-03-04 · Updated: 2024-09-19 · CVE-2024-0335

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
Symphony Plus S+ Operations versions 2.0;0 through 2.0 SP6 TC6
Symphony Plus S+ Operations versions 2.1;0 through 2.1 SP2 RU3
Symphony Plus S+ Operations versions 3.0;0 through 3.3 SP1 RU4
Symphony Plus S+ Engineering versions 2.1 through 2.3 RU3
Symphony Plus S+ Analyst versions 7.0.0.0 through 7.2.0.2
Description: The issue is related to errors in processing relative paths in the ABB VPNI feature of the S+ Control API component. Exploitation of this issue may allow an attacker to cause a denial of service.
Recommendations:
For Symphony Plus S+ Operations versions 2.0;0 through 2.0 SP6 TC6, update to a version outside of this range to resolve the issue.
For Symphony Plus S+ Operations versions 2.1;0 through 2.1 SP2 RU3, update to a version outside of this range to resolve the issue.
For Symphony Plus S+ Operations versions 3.0;0 through 3.3 SP1 RU4, update to a version outside of this range to resolve the issue.
For Symphony Plus S+ Engineering versions 2.1 through 2.3 RU3, update to a version outside of this range to resolve the issue.
For Symphony Plus S+ Analyst versions 7.0.0.0 through 7.2.0.2, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider disabling the ABB VPNI feature of the S+ Control API component until a patch is available.

Fix

Relative Path Traversal

Weakness Enumeration

Related Identifiers

BDU:2024-10617
CVE-2024-0335

Affected Products

S+ Control Api
Symphony Plus S+ Analyst
Symphony Plus S+ Engineering
Symphony Plus S+ Operations