CVE-2020-24686

{"id": "CVE-2020-24686", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-02-26T16:15:12.357", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "cybersecurity@ch.abb.com"}, {"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet."}, {"lang": "es", "value": "Las vulnerabilidades pueden ser explotadas para causar que al componente visualization web del PLC detenerse y que no responda, conllevando a usuarios genuinos perder la visibilidad remota del estado del PLC. Si un usuario intenta iniciar sesi\u00f3n en el PLC mientras es explotada esta vulnerabilidad, el PLC mostrar\u00e1 un estado de error y rechazar\u00e1 las conexiones con Automation Builder. La ejecuci\u00f3n de la aplicaci\u00f3n del PLC no est\u00e1 afectada por esta vulnerabilidad. Este problema afecta a los productos ABB AC500 V2 con Ethernet integrado"}], "lastModified": "2024-11-21T05:15:47.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:pm554_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F5413EF-685B-44A7-9962-7EFCD368DBF5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:pm554:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D4AAF9DB-2AD0-4216-B923-C871370C8600"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:pm556_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3478A705-A1CB-455D-B153-F34F613F284E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:pm556:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "76947DED-1D53-480A-BA49-524CF538559B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:pm564_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7189138-6F0F-4D1D-83B1-BB19F3B33061"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:pm564:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "60197A8D-B7B6-446F-AA03-4CAECCF51180"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:pm566_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0072D0C-5677-4221-8B57-57A0B1DA0D70"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:pm566:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4E89D098-0624-4903-BB5F-D5ED41CD610B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:pm572_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4DD98B2-1FF1-4F93-8595-E536194BB9FE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:pm572:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FC727AD5-BFA3-467B-9845-FDC667BEE2C9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abb:pm573_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EDA5A17-CE2C-4BB2-8424-AE5A256A0D06"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abb:pm573:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8ED79982-93C9-47A1-A522-FFDB4AF944CC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@ch.abb.com"}