Search criteria
4 vulnerabilities found for ac500_cpu_firmware by abb
CVE-2022-3192 (GCVE-0-2022-3192)
Vulnerability from nvd – Published: 2023-03-31 16:13 – Updated: 2025-02-11 18:40
VLAI?
Title
Improper Check for Unusual or Exceptional Conditions
Summary
Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.
Severity ?
5.3 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Credits
ABB thanks the following for working with us to help protect customers: CVE-2022-3192: Parul Sindhwad and Dr. Faruk Kazi of CoE CNDS lab, VJTI, Mumbai (India) for reporting this vulnerability following coordinated disclosure.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T18:39:53.320995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T18:40:07.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://abb.com/plc",
"defaultStatus": "unknown",
"packageName": "PM5xx",
"product": "AC500 V2",
"vendor": "ABB",
"versions": [
{
"lessThan": "2.8.6",
"status": "affected",
"version": "2.0.0",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB thanks the following for working with us to help protect customers: CVE-2022-3192: Parul Sindhwad and Dr. Faruk Kazi of CoE CNDS lab, VJTI, Mumbai (India) for reporting this vulnerability following coordinated disclosure."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.\u003cp\u003eThis issue affects AC500 V2: from 2.0.0 before 2.8.6.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-220",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-220 Client-Server Protocol Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T03:57:46.530Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": " Improper Check for Unusual or Exceptional Conditions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUse the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis protocol/port is not affected by the DoS impact of the vulnerability.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Use the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \n\n\nThis protocol/port is not affected by the DoS impact of the vulnerability.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2022-3192",
"datePublished": "2023-03-31T16:13:13.149Z",
"dateReserved": "2022-09-13T05:57:45.421Z",
"dateUpdated": "2025-02-11T18:40:07.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24685 (GCVE-0-2020-24685)
Vulnerability from nvd – Published: 2021-02-09 03:57 – Updated: 2024-08-04 15:19
VLAI?
Title
AC500 V2 unauthenticated crafter packet vulnerability
Summary
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.
Severity ?
8.6 (High)
CWE
- An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application.
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | AC500 V2 products with onboard Ethernet |
Affected:
version 2.8.4 and prior versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC500 V2 products with onboard Ethernet",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "version 2.8.4 and prior versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application.",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-09T03:57:16",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AC500 V2 unauthenticated crafter packet vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-24685",
"STATE": "PUBLIC",
"TITLE": "AC500 V2 unauthenticated crafter packet vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AC500 V2 products with onboard Ethernet",
"version": {
"version_data": [
{
"version_value": "version 2.8.4 and prior versions"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application."
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-789 Memory Allocation with Excessive Size Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-24685",
"datePublished": "2021-02-09T03:57:16",
"dateReserved": "2020-08-26T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3192 (GCVE-0-2022-3192)
Vulnerability from cvelistv5 – Published: 2023-03-31 16:13 – Updated: 2025-02-11 18:40
VLAI?
Title
Improper Check for Unusual or Exceptional Conditions
Summary
Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.
Severity ?
5.3 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Credits
ABB thanks the following for working with us to help protect customers: CVE-2022-3192: Parul Sindhwad and Dr. Faruk Kazi of CoE CNDS lab, VJTI, Mumbai (India) for reporting this vulnerability following coordinated disclosure.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T18:39:53.320995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T18:40:07.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://abb.com/plc",
"defaultStatus": "unknown",
"packageName": "PM5xx",
"product": "AC500 V2",
"vendor": "ABB",
"versions": [
{
"lessThan": "2.8.6",
"status": "affected",
"version": "2.0.0",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB thanks the following for working with us to help protect customers: CVE-2022-3192: Parul Sindhwad and Dr. Faruk Kazi of CoE CNDS lab, VJTI, Mumbai (India) for reporting this vulnerability following coordinated disclosure."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.\u003cp\u003eThis issue affects AC500 V2: from 2.0.0 before 2.8.6.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-220",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-220 Client-Server Protocol Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T03:57:46.530Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": " Improper Check for Unusual or Exceptional Conditions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUse the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis protocol/port is not affected by the DoS impact of the vulnerability.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Use the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \n\n\nThis protocol/port is not affected by the DoS impact of the vulnerability.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2022-3192",
"datePublished": "2023-03-31T16:13:13.149Z",
"dateReserved": "2022-09-13T05:57:45.421Z",
"dateUpdated": "2025-02-11T18:40:07.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24685 (GCVE-0-2020-24685)
Vulnerability from cvelistv5 – Published: 2021-02-09 03:57 – Updated: 2024-08-04 15:19
VLAI?
Title
AC500 V2 unauthenticated crafter packet vulnerability
Summary
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.
Severity ?
8.6 (High)
CWE
- An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application.
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | AC500 V2 products with onboard Ethernet |
Affected:
version 2.8.4 and prior versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AC500 V2 products with onboard Ethernet",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "version 2.8.4 and prior versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application.",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-09T03:57:16",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AC500 V2 unauthenticated crafter packet vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2020-24685",
"STATE": "PUBLIC",
"TITLE": "AC500 V2 unauthenticated crafter packet vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AC500 V2 products with onboard Ethernet",
"version": {
"version_data": [
{
"version_value": "version 2.8.4 and prior versions"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application."
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-789 Memory Allocation with Excessive Size Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
"refsource": "CONFIRM",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-24685",
"datePublished": "2021-02-09T03:57:16",
"dateReserved": "2020-08-26T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}