AC500 V2 webserver denial of service vulnerability
CVE-2020-24686

7.5HIGH

Key Information:

Vendor: Abb
Status: Ac500 V2 Products With Onboard Ethernet
Vendor: CVE Published:; 26 February 2021

What is CVE-2020-24686?

The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.

Affected Version(s)

AC500 V2 products with onboard Ethernet All

References

https://search.abb.com/library/Download.aspx?DocumentID=3...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 26, 2021
Vulnerability Reserved
Aug 26, 2020

Abb

What is CVE-2020-24686?

Affected Version(s)

References

CVSS V3.1

Timeline