
CVE-2020-24686

AC500 V2 webserver denial of service vulnerability

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.


*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-08-26 CVE Reserved
  • 2021-02-26 CVE Published
  • 2024-02-02 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor   Product          Version   Other   Status
Abb      Pm554 Firmware   --                Affected
in Abb   Pm554            --                Safe
Abb      Pm556 Firmware   --                Affected
in Abb   Pm556            --                Safe
Abb      Pm564 Firmware   --                Affected
in Abb   Pm564            --                Safe
Abb      Pm566 Firmware   --                Affected
in Abb   Pm566            --                Safe
Abb      Pm572 Firmware   --                Affected
in Abb   Pm572            --                Safe
Abb      Pm573 Firmware   --                Affected
in Abb   Pm573            --                Safe