CVSS: 5.3EPSS: 0%CPEs: 30EXPL: 0CVE-2022-3192 – Improper Check for Unusual or Exceptional Conditions
https://notcve.org/view.php?id=CVE-2022-3192
Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6. La vulnerabilidad de validación de entrada incorrecta en ABB AC500 V2 PM5xx permite la Manipulación del Protocolo Cliente-Servidor.Este problema afecta a AC500 V2: de la verisón 2.0.0 a la 2.8.6. • https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2020-24686 – AC500 V2 webserver denial of service vulnerability
https://notcve.org/view.php?id=CVE-2020-24686
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. Las vulnerabilidades pueden ser explotadas para causar que al componente visualization web del PLC detenerse y que no responda, conllevando a usuarios genuinos perder la visibilidad remota del estado del PLC. • https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2020-24685 – AC500 V2 unauthenticated crafter packet vulnerability
https://notcve.org/view.php?id=CVE-2020-24685
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions. Un paquete no autenticado especialmente diseñado y enviado por un atacante a través de la red causará una vulnerabilidad de denegación de servicio (DoS). • https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •