cvelist/2020/24xxx/CVE-2020-24685.json

{
    "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@ch.abb.com",
        "ID": "CVE-2020-24685",
        "STATE": "PUBLIC",
        "TITLE": "AC500 V2 unauthenticated crafter packet vulnerability"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "ABB",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "AC500 V2 products with onboard Ethernet",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "version 2.8.4 and prior versions"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application."
                    }
                ]
            },
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-789 Memory Allocation with Excessive Size Value"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "CONFIRM",
                "name": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=en&DocumentPartId=&Action=Launch",
                "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=en&DocumentPartId=&Action=Launch"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2020-08-26 20:01:36 +00:00			`{`
			`"CVE_data_meta": {`
"-Synchronized-Data." 2021-02-09 04:00:39 +00:00			`"ASSIGNER": "cybersecurity@ch.abb.com",`
"-Synchronized-Data." 2020-08-26 20:01:36 +00:00			`"ID": "CVE-2020-24685",`
"-Synchronized-Data." 2021-02-09 04:00:39 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "AC500 V2 unauthenticated crafter packet vulnerability"`
"-Synchronized-Data." 2020-08-26 20:01:36 +00:00			`},`
"-Synchronized-Data." 2021-02-09 04:00:39 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "ABB",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "AC500 V2 products with onboard Ethernet",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "version 2.8.4 and prior versions"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2020-08-26 20:01:36 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2021-02-09 04:00:39 +00:00			`"value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions."`
"-Synchronized-Data." 2020-08-26 20:01:36 +00:00			`}`
			`]`
"-Synchronized-Data." 2021-02-09 04:00:39 +00:00			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.6,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "NONE",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application."`
			`}`
			`]`
			`},`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-789 Memory Allocation with Excessive Size Value"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=en&DocumentPartId=&Action=Launch",`
			`"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010667&LanguageCode=en&DocumentPartId=&Action=Launch"`
			`}`
			`]`
			`},`
			`"source": {`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2020-08-26 20:01:36 +00:00			`}`
			`}`