First published: Fri Feb 26 2021(Updated: )
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.
Credit: cybersecurity@ch.abb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Abb Pm554 Firmware | ||
Abb Pm554 | ||
Abb Pm556 Firmware | ||
Abb Pm556 | ||
Abb Pm564 Firmware | ||
Abb Pm564 | ||
Abb Pm566 Firmware | ||
Abb Pm566 | ||
Abb Pm572 Firmware | ||
Abb Pm572 | ||
Abb Pm573 Firmware | ||
Abb Pm573 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-24686 is a vulnerability that allows attackers to cause the web visualization component of the PLC to stop responding.
CVE-2020-24686 has a severity rating of 7.5 (high).
The affected software includes ABB PM554 firmware, ABB PM556 firmware, ABB PM564 firmware, ABB PM566 firmware, ABB PM572 firmware, and ABB PM573 firmware.
To fix CVE-2020-24686, it is recommended to apply the security patch provided by the vendor ABB.
You can find more information about CVE-2020-24686 [here](https://search.abb.com/library/Download.aspx?DocumentID=3ADR010645&LanguageCode=en&DocumentPartId=&Action=Launch).