CVE-2020-24685
HIGH
ABB AC500 CPU Firmware < 2.8.5 - Unauthenticated Denial of Service via Crafted Network Packet
An unauthenticated attacker can send a specially crafted packet over the network to cause a denial of service (DoS) that stops the PLC. After the PLC stops (ERR LED flashing red), physical access to the PLC is required to restart the application. This issue affects ABB AC500 V2 products with onboard Ethernet, version 2.8.4 and prior versions.
References (1)
Patch, Vendor Advisory x_refsource_confirm
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=en&DocumentPartId=&Action=Launch
Scores
CVSS v3
8.6
EPSS
0.0161
EPSS Percentile
72.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Details
CWE
CWE-770
CWE-789
Status
published
Products (1)
abb/ac500_cpu_firmware
< 2.8.5
Published
Feb 09, 2021
Tracked Since
Feb 18, 2026