CVE-2020-24686
CVSS V2 Medium 5
CVSS V3 High 7.5
Description
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.
Overview
- CVE ID
- CVE-2020-24686
- Assigner
- cybersecurity@ch.abb.com
- Vulnerability Status
- Analyzed
- Published Version
- 2021-02-26T16:15:12
- Last Modified Date
- 2021-03-05T14:13:47
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:abb:pm554_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:abb:pm554:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:abb:pm556_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:abb:pm556:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:abb:pm564_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:abb:pm564:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:abb:pm566_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:abb:pm566:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:abb:pm572_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:abb:pm572:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:abb:pm573_firmware:-:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:abb:pm573:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:N/I:N/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- NONE
- Integrity Impact
- NONE
- Availability Impact
- PARTIAL
- Base Score
- 5
- Severity
- MEDIUM
- Exploitability Score
- 10
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- NONE
- Availability Impact
- HIGH
- Base Score
- 7.5
- Base Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2020-24686 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24686 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 07:20:54 | Added to TrackCVE | |||
| 2022-12-05 22:52:50 | 2021-02-26T16:15Z | 2021-02-26T16:15:12 | CVE Published Date | updated |
| 2022-12-05 22:52:50 | 2021-03-05T14:13:47 | CVE Modified Date | updated | |
| 2022-12-05 22:52:50 | Analyzed | Vulnerability Status | updated |