PT-2023-2287 · Abb · Abb Ac500
Published: 2023-03-28 · Updated: 2023-09-13
CVE-2022-3192
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
ABB AC500 V2 versions 2.0.0 through 2.8.5
Description
Insufficient checking of exceptional conditions in the software of the ABB AC500 programmable logic controller allows a remote attacker to cause a denial of service. The underlying flaw is improper input validation that permits manipulation of the client-server protocol.
Recommendations
For ABB AC500 V2 versions 2.0.0 through 2.8.5, update to version 2.8.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the client-server protocol to minimize the risk of exploitation.
Fix
Improper Check for Exceptional Conditions
Weakness Enumeration
Related Identifiers
Affected Products
Abb Ac500