CVE Vulnerability

CVE-2020-24686

The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory
Configurations

Configuration 1
Information

Published : 2021-02-26 04:15

Updated : 2021-03-05 02:13

NVD link : CVE-2020-24686

Mitre link : CVE-2020-24686

Products Affected
No products.
CWE
CWE-400