CVE-2024-8036

MEDIUM

ABB Automation Products - Crafted Firmware/Config Denial of Service or Takeover

Title source: manual

Description

ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop or become inaccessible, or allowing the attacker to take control of the node.

Scores

CVSS v3: 5.9
EPSS: 0.0014
EPSS Percentile: 4.0%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-347
Status: published
Products (50)
ABB/620 Series IEC/CN 2.0.0 - 2.0.13
ABB/620 Series IEC/CN 2.1.0 - 2.1.16
ABB/ARG600/ARP600 dual SIM 2.x.x - 3.4.13
ABB/ARG600/ARP600/ARR600/ARC600 single SIM 3.x.x - 3.4.13
ABB/ARM600 4.x.x - 5.0.3
ABB/COM600 3.3
ABB/COM600 3.4
ABB/COM600 3.5
ABB/COM600 4.0
ABB/COM600 4.1
... and 40 more
Published: Oct 25, 2024
Tracked Since: Feb 18, 2026