Vulnerability Description
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Abb | Pm554 Firmware | - |
| Abb | Pm554 | - |
| Abb | Pm556 Firmware | - |
| Abb | Pm556 | - |
| Abb | Pm564 Firmware | - |
| Abb | Pm564 | - |
| Abb | Pm566 Firmware | - |
| Abb | Pm566 | - |
| Abb | Pm572 Firmware | - |
| Abb | Pm572 | - |
| Abb | Pm573 Firmware | - |
| Abb | Pm573 | - |
Related Weaknesses (CWE)
References
- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=Vendor Advisory
- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=Vendor Advisory
FAQ
What is CVE-2020-24686?
CVE-2020-24686 is a vulnerability with a CVSS score of 7.5 (HIGH). The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts...
How severe is CVE-2020-24686?
CVE-2020-24686 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-24686?
Check the references section above for vendor advisories and patch information. Affected products include: Abb Pm554 Firmware, Abb Pm554, Abb Pm556 Firmware, Abb Pm556, Abb Pm564 Firmware.