CVE-2020-24686
HIGHABB AC500 V2 - Denial of Service in Web Visualization Component
Title source: llmDescription
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch
Scores
CVSS v3
7.5
EPSS
0.0085
EPSS Percentile
75.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (6)
abb/pm554_firmware
abb/pm556_firmware
abb/pm564_firmware
abb/pm566_firmware
abb/pm572_firmware
abb/pm573_firmware
Published
Feb 26, 2021
Tracked Since
Feb 18, 2026