CVE-2020-24686
Last modified
CVE-2020-24686 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. EPSS estimates a 1.42% chance of exploitation in the next 30 days.
Description
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Abb | Pm554 Firmware | All versions |
| Abb | Pm556 Firmware | All versions |
| Abb | Pm564 Firmware | All versions |
| Abb | Pm566 Firmware | All versions |
| Abb | Pm572 Firmware | All versions |
| Abb | Pm573 Firmware | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-24686?
How severe is CVE-2020-24686?
How do I fix CVE-2020-24686?
Are you affected by CVE-2020-24686?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST