CVE-2020-24685

Опубликовано: 09 фев. 2021

Источник: nvd

CVSS3: 8.6

CVSS2: 5

EPSS Низкий

Описание

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.

Ссылки

https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=en&DocumentPartId=&Action=Launch
Patch
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=en&DocumentPartId=&Action=Launch
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:abb:ac500_cpu_firmware:*:*:*:*:*:*:*:*

Версия до 2.8.5 (исключая)

Одно из

cpe:2.3:h:abb:pm573-eth:2.0:*:*:*:*:*:*:*

cpe:2.3:h:abb:pm583-eth:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00804

Низкий

8.6 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-789

CWE-770

Связанные уязвимости

GHSA-cvwc-6hv2-wv97

github

больше 3 лет назад