Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-24686

The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.

Published

2021-02-26T16:15:12.357

Last Modified

2024-11-21T05:15:47.540

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-400
Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	abb	pm554_firmware	-	Yes
Hardware	abb	pm554	-	No
Operating System	abb	pm556_firmware	-	Yes
Hardware	abb	pm556	-	No
Operating System	abb	pm564_firmware	-	Yes
Hardware	abb	pm564	-	No
Operating System	abb	pm566_firmware	-	Yes
Hardware	abb	pm566	-	No
Operating System	abb	pm572_firmware	-	Yes
Hardware	abb	pm572	-	No
Operating System	abb	pm573_firmware	-	Yes
Hardware	abb	pm573	-	No

References

https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory ([email protected])
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)