CVE-2020-24685

HIGH

ABB AC500 V2 <2.8.4 - DoS

Title source: llm

Description

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.

References (1)

[Patch, Vendor Advisory] https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 8.6

EPSS 0.0063

EPSS Percentile 70.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Details

CWE

CWE-770 CWE-789

Status published

Products (1)

abb/ac500_cpu_firmware < 2.8.5

Published Feb 09, 2021

Tracked Since Feb 18, 2026