CVE-2020-24686 Explained : Impact and Mitigation
Learn about the high-severity CVE-2020-24686 affecting ABB's AC500 V2 products with onboard Ethernet. Find out the impact, affected systems, exploitation details, and mitigation steps.
AC500 V2 webserver denial of service vulnerability
Understanding CVE-2020-24686
This CVE involves a denial of service vulnerability in the web visualization component of ABB's AC500 V2 products with onboard Ethernet.
What is CVE-2020-24686?
The vulnerability allows attackers to disrupt the web visualization component, causing genuine users to lose remote visibility of the PLC state. It triggers an error state when attempting to log in, leading to connection refusals to Automation Builder.
The Impact of CVE-2020-24686
- Severity: High (CVSS Base Score: 7.5)
- Attack Vector: Network
- Availability Impact: High
- No impact on Confidentiality or Integrity
Technical Details of CVE-2020-24686
This section provides detailed technical information about the vulnerability.
Vulnerability Description
The vulnerability results in the web visualization component of the PLC becoming unresponsive, affecting remote visibility and login attempts.
Affected Systems and Versions
- Affected Product: AC500 V2 products with onboard Ethernet
- Affected Version: All
Exploitation Mechanism
Attackers exploit the vulnerability to disrupt the web visualization component, leading to denial of service and connection refusals.
Mitigation and Prevention
Protecting systems from CVE-2020-24686 requires immediate actions and long-term security practices.
Immediate Steps to Take
- Apply vendor-supplied patches or updates promptly.
- Implement network segmentation to limit exposure.
- Monitor network traffic for any signs of exploitation.
Long-Term Security Practices
- Regularly update and patch all software and firmware.
- Conduct security assessments and penetration testing.
- Educate users on security best practices.
Patching and Updates
- ABB may release patches or updates to address the vulnerability.