AC500 V2 unauthenticated crafter packet vulnerability
CVE-2020-24685

8.6HIGH

Key Information:

Vendor: Abb
Status: Ac500 V2 Products With Onboard Ethernet
Vendor: CVE Published:; 9 February 2021

What is CVE-2020-24685?

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.

Affected Version(s)

AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions

References

https://search.abb.com/library/Download.aspx?DocumentID=3...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2021
Vulnerability Reserved
Aug 26, 2020

Abb

What is CVE-2020-24685?

Affected Version(s)

References

CVSS V3.1

Timeline