CVE-2020-24686
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
26/02/2021
Last modified:
05/03/2021
Description
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:abb:pm554_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:abb:pm554:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:abb:pm556_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:abb:pm556:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:abb:pm564_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:abb:pm564:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:abb:pm566_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:abb:pm566:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:abb:pm572_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:abb:pm572:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:abb:pm573_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:abb:pm573:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page