Detections
Analytics

ABB AC500 Allocation of Resources Without Limits or Throttling (CVE-2020-24685)

high Tenable OT Security Plugin ID 500942

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability.
Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?3a92118d

Plugin Details

Severity: High

ID: 500942

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 3/29/2023

Updated: 9/20/2023

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2020-24685

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:abb:ac500_cpu_firmware

Required KB Items: Tenable.ot/ABB

Exploit Ease: No known exploits are available

Patch Publication Date: 2/9/2021

Vulnerability Publication Date: 2/9/2021

Reference Information

CVE: CVE-2020-24685

CWE: 770