CVE-2020-24686 HIGH

CVE-2020-24686: AC500 V2 webserver denial of service vulnerability

Vendor ABB
Product AC500 V2 products with onboard Ethernet
Weakness CWE-400
Published February 26, 2021
Last update August 4, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to log in to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.

Key dates

02 Disclosure timeline

February 26, 2021 CVE published
August 4, 2024 Record updated