Lucene search

ABBCVELIST:CVE-2020-24685

HistoryFeb 09, 2021 - 3:57 a.m.

CVE-2020-24685 AC500 V2 unauthenticated crafter packet vulnerability

2021-02-0903:57:16

CWE-789

ABB

www.cve.org

cve-2020-24685

ac500 v2

unauthenticated

packet vulnerability

denial-of-service

plc

physical access

abb

onboard ethernet

version 2.8.4

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.

CNA Affected

[
  {
    "product": "AC500 V2 products with onboard Ethernet",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "version 2.8.4 and prior versions"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=en&DocumentPartId=&Action=Launch

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

Related for CVELIST:CVE-2020-24685