CVE-2020-24685
AC500 V2 unauthenticated crafter packet vulnerability
In short
An attacker can send a specially crafted network packet to an ABB AC500 V2 device without needing to log in, causing it to crash and stop working. Physical access is then needed to restart the device.
Technical detail
An unauthenticated remote attacker can send a crafted packet over the network to trigger a denial-of-service condition in ABB AC500 V2 devices with onboard Ethernet version 2.8.4 and earlier, causing the PLC to halt operation and requiring physical intervention to recover. No authentication or special prerequisites are required for exploitation.
Summary generated and translated by AI from the official description.
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected products
ABB · AC500 V2 products with onboard EthernetWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →