Vulnerability Description
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Abb | Ac500 Cpu Firmware | < 2.8.5 |
| Abb | Pm573-Eth | 2.0 |
| Abb | Pm583-Eth | 2.0 |
Related Weaknesses (CWE)
References
- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=PatchVendor Advisory
- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=PatchVendor Advisory
FAQ
What is CVE-2020-24685?
CVE-2020-24685 is a vulnerability with a CVSS score of 8.6 (HIGH). An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR ...
How severe is CVE-2020-24685?
CVE-2020-24685 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-24685?
Check the references section above for vendor advisories and patch information. Affected products include: Abb Ac500 Cpu Firmware, Abb Pm573-Eth, Abb Pm583-Eth.