Vulnerabilities related to abb - pm572
CVE-2022-3192 (GCVE-0-2022-3192)
Vulnerability from cvelistv5
Published
2023-03-31 16:13
Modified
2025-02-11 18:40
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation. This issue affects AC500 V2: from 2.0.0 before 2.8.6.
Impacted products
Vendor Product Version
ABB AC500 V2 Version: 2.0.0 (affected from 2.0.0 before 2.8.6)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3192",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T18:39:53.320995Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T18:40:07.850Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://abb.com/plc",
          "defaultStatus": "unknown",
          "packageName": "PM5xx",
          "product": "AC500 V2",
          "vendor": "ABB",
          "versions": [
            {
              "lessThan": "2.8.6",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "release"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "ABB thanks the following for working with us to help protect customers:  CVE-2022-3192: Parul Sindhwad and Dr. Faruk Kazi of CoE CNDS lab, VJTI, Mumbai (India) for reporting this vulnerability following coordinated disclosure."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.\u003cp\u003eThis issue affects AC500 V2: from 2.0.0 before 2.8.6.\u003c/p\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-220",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-220 Client-Server Protocol Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-13T03:57:46.530Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": " Improper Check for Unusual or Exceptional Conditions",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eUse the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis protocol/port is not affected by the DoS impact of the vulnerability.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Use the communication protocol \"Tcp/Ip\" instead of \"ABB Tcp/Ip Level 2\" (i.e. Port 1201 instead of 1200) for the connection between engineering software and PLC. \n\n\nThis protocol/port is not affected by the DoS impact of the vulnerability.\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2022-3192",
    "datePublished": "2023-03-31T16:13:13.149Z",
    "dateReserved": "2022-09-13T05:57:45.421Z",
    "dateUpdated": "2025-02-11T18:40:07.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-24686 (GCVE-0-2020-24686)
Vulnerability from cvelistv5
Published
2021-02-26 15:10
Modified
2024-08-04 15:19
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Summary
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:19:09.305Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AC500 V2 products with onboard Ethernet",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-26T15:10:58",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "AC500 V2 webserver denial of service vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@ch.abb.com",
          "ID": "CVE-2020-24686",
          "STATE": "PUBLIC",
          "TITLE": "AC500 V2 webserver denial of service vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AC500 V2 products with onboard Ethernet",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ABB"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400 Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "CONFIRM",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2020-24686",
    "datePublished": "2021-02-26T15:10:58",
    "dateReserved": "2020-08-26T00:00:00",
    "dateUpdated": "2024-08-04T15:19:09.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2023-03-31 17:15
Modified
2024-11-21 07:19
Summary
Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation. This issue affects AC500 V2: from 2.0.0 before 2.8.6.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abb:ac500_cpu_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7406B7B-1572-41B5-AD56-7D2CEA6837DD",
              "versionEndExcluding": "2.8.6",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abb:pm5630-2eth:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C695046-6ECB-44A2-A9BB-7A1E7947F1DB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm5650-2eth:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE080234-896D-4CD6-AE73-9B34A401AA48",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm5670-2eth:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B28B588-04F8-434E-80E5-BD3BEADA6D9B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm5675-2eth:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE593469-15CB-4308-A508-1DA8DB7C0F34",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm571-eth-v14x:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "43FC52BE-B3AD-4E3D-A725-14F26DB68DA7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm571-v14x:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEEFC52F-720F-48D4-B256-621B39B41FA7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm572:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "244316B6-6BD3-464B-9633-E4F0548CB500",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm573-eth:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E50EDB62-28E9-42DB-A6D5-8F08050FD882",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm581-eth-v14x:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD582C27-64FB-419B-9B90-6E4A9288CC14",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm581-v14x:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D25E659B-67B1-4C8C-8758-D451BFD1C0DE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm582:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E3CA7E5-BE88-4F80-AB56-C0B3A3AC2AFA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm582-arcnet:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "530D0396-3A6E-4ADD-99C2-711DD05E217D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm582-eth:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A066AACA-B962-4554-A540-3A9615C8587A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm582-v14x:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3921759-E3A3-46CE-973B-F6F4979E4522",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm583-eth:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BEC2866-83F4-4546-9B1D-395E0AA0B2F1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm585-eth:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C4DE95-404E-43E2-BB39-763D4793ABB8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm585-mc-kit:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B39C7B7E-07F5-4C4B-9B89-415608EB2E65",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm590-arcnet-v14x:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13DC199A-73C6-48A0-8495-9ADA49CD04F4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm590-eth:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29BAFCA6-1BE6-49F1-B553-9D2579319B2E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm590-eth-v14x:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD186FAD-48F1-4021-A94A-8B36586D8942",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm590-mc-kit:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "251C578B-E061-4825-B558-AEC670C0BF87",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm590-v14x:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C10F3025-B5D1-42F7-824C-469BC5BDEDF5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm591-2eth:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD806FD1-D7FC-4A1D-826F-B6C28112FED3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm591-arcnet-v14x:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FB3060-A9C8-4A5C-A3B6-6CB03B366117",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm591-eth:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FDA1B4A-AC9C-4D79-8F1E-F21F6C1973EB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm591-eth-v14x:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4CA00FD-25C6-4BCC-8651-1442A96A1696",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm591-v14x:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "20060D95-F9F7-4D7C-9547-23A8B1783842",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm592-eth:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFB7CF2-1CDC-4674-8D4B-94056042BA6C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:abb:pm595-4eth-f:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "137C1C80-4DF4-4297-92A3-7C902C55007A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\n\n"
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de validaci\u00f3n de entrada incorrecta en ABB AC500 V2 PM5xx permite la Manipulaci\u00f3n del Protocolo Cliente-Servidor.Este problema afecta a AC500 V2: de la veris\u00f3n 2.0.0 a la 2.8.6."
    }
  ],
  "id": "CVE-2022-3192",
  "lastModified": "2024-11-21T07:19:00.950",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-31T17:15:06.427",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011162\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-02-26 16:15
Modified
2024-11-21 05:15
Summary
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abb:pm554_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F5413EF-685B-44A7-9962-7EFCD368DBF5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abb:pm554:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4AAF9DB-2AD0-4216-B923-C871370C8600",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abb:pm556_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3478A705-A1CB-455D-B153-F34F613F284E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abb:pm556:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76947DED-1D53-480A-BA49-524CF538559B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abb:pm564_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7189138-6F0F-4D1D-83B1-BB19F3B33061",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abb:pm564:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60197A8D-B7B6-446F-AA03-4CAECCF51180",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abb:pm566_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0072D0C-5677-4221-8B57-57A0B1DA0D70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abb:pm566:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E89D098-0624-4903-BB5F-D5ED41CD610B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abb:pm572_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4DD98B2-1FF1-4F93-8595-E536194BB9FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abb:pm572:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC727AD5-BFA3-467B-9845-FDC667BEE2C9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abb:pm573_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EDA5A17-CE2C-4BB2-8424-AE5A256A0D06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abb:pm573:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED79982-93C9-47A1-A522-FFDB4AF944CC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet."
    },
    {
      "lang": "es",
      "value": "Las vulnerabilidades pueden ser explotadas para causar que al componente visualization web del PLC detenerse y que no responda, conllevando a usuarios genuinos perder la visibilidad remota del estado del PLC.\u0026#xa0;Si un usuario intenta iniciar sesi\u00f3n en el PLC mientras es explotada esta vulnerabilidad, el PLC mostrar\u00e1 un estado de error y rechazar\u00e1 las conexiones con Automation Builder.\u0026#xa0;La ejecuci\u00f3n de la aplicaci\u00f3n del PLC no est\u00e1 afectada por esta vulnerabilidad.\u0026#xa0;Este problema afecta a los productos ABB AC500 V2 con Ethernet integrado"
    }
  ],
  "id": "CVE-2020-24686",
  "lastModified": "2024-11-21T05:15:47.540",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "cybersecurity@ch.abb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-26T16:15:12.357",
  "references": [
    {
      "source": "cybersecurity@ch.abb.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "sourceIdentifier": "cybersecurity@ch.abb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "cybersecurity@ch.abb.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}