Lucene search

ABBCVELIST:CVE-2020-24685

HistoryFeb 09, 2021 - 3:57 a.m.

CVE-2020-24685 AC500 V2 unauthenticated crafter packet vulnerability

2021-02-0903:57:16

CWE-789

ABB

www.cve.org

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.5%

JSON

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.

CNA Affected

[
  {
    "product": "AC500 V2 products with onboard Ethernet",
    "vendor": "ABB",
    "versions": [
      {
        "status": "affected",
        "version": "version 2.8.4 and prior versions"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=en&DocumentPartId=&Action=Launch

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.5%

JSON

Related for CVELIST:CVE-2020-24685