
Description

ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop or become inaccessible, or allowing the attacker to take control of the node.

PUBLISHED Reserved 2024-08-20 | Published 2024-10-25 | Updated 2024-10-30 | Assigner ABB




MEDIUM: 5.9 (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H)

MEDIUM: 4.6 (CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:N/R:I/V:D/RE:H/U:Amber)

Problem types

CWE-347 Improper Verification of Cryptographic Signature

Product status

Default status
unaffected

1.0.0 (custom)
affected

2.0.0 (custom)
affected

Default status
unaffected

1.0.0 (custom)
affected

Default status
unaffected

1.0.0 (custom)
affected

Default status
unaffected

PCL1 (custom)
affected

Default status
unaffected

1.1.1 (custom)
affected

1.2.0 (custom)
affected

Default status
unaffected

1.0.0 (custom)
affected

1.1.0 (custom)
affected

1.2.0 (custom)
affected

1.3.0 (custom)
affected

Default status
unaffected

1.0.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

1.0 FP1 (custom)
affected

1.0 FP2 (custom)
affected

1.0 FP3 (custom)
affected

1.0 FP4 (custom)
affected

Default status
unaffected

4.0.0 (custom)
affected

Default status
unaffected

1.0.0 (custom)
affected

Default status
unaffected

2.0.0 (custom)
affected

3.0.0 (custom)
affected

4.0.0 (custom)
affected

4.1.9 (custom)
affected

5.0.0 (custom)
affected

5.1.0 (custom)
affected

Default status
unaffected

2.0.0 (custom)
affected

3.0.0 (custom)
affected

3.1.0 (custom)
affected

4.1.0 (custom)
affected

5.1.0 (custom)
affected

Default status
unaffected

2.0.0 (custom)
affected

4.0.0 (custom)
affected

4.1.0 (custom)
affected

4.2.0 (custom)
affected

5.1.0 (custom)
affected

Default status
unaffected

1.0.0 (custom)
affected

2.0.0 (custom)
affected

Default status
unaffected

1.0.0 (custom)
affected

2.0.0 (custom)
affected

Default status
unaffected

1.0.0 (custom)
affected

Default status
unaffected

1.0.0 (custom)
affected

Default status
unaffected

2.0.0 (custom)
affected

2.1.0 (custom)
affected

Default status
unaffected

1.1.0 (custom)
affected

1.2.0 (custom)
affected

1.3.0 (custom)
affected

Default status
unaffected

1.0.0 (custom)
affected

Default status
unaffected

3.3 (custom)
affected

3.4 (custom)
affected

3.5 (custom)
affected

4.0 (custom)
affected

4.1 (custom)
affected

5.0 (custom)
affected

5.1 (custom)
affected

Default status
unaffected

Exx (custom)
affected

Mxx (custom)
affected

Sxx (custom)
affected

xMx (custom)
affected

Exxx (custom)
affected

Mxxx (custom)
affected

Sxxx (custom)
affected

xMxx (custom)
affected

xxxC (custom)
affected

Default status
unaffected

4.1 (custom)
affected

5.0 (custom)
affected

Default status
unaffected

Exxx (custom)
affected

Mxxx (custom)
affected

Sxxx (custom)
affected

xMxx (custom)
affected

xxxC (custom)
affected

Default status
unaffected

R1.0 (custom)
affected

R1.1 (custom)
affected

R2.0 (custom)
affected

R2.5 (custom)
affected

R2.5 ATEX (custom)
affected

R2.5 SP3 (custom)
affected

R2.6 (custom)
affected

R3.0 (custom)
affected

R3.0 SP1 (custom)
affected

R3.0 SP3 (custom)
affected

Default status
unaffected

2.6 V4F07x (custom)
affected

3.0FP1 V4F11x (custom)
affected

V4D02x (custom)
affected

V4E0xx (custom)
affected

Default status
unaffected

3.x.x (custom)
affected

Default status
unaffected

2.x.x (custom)
affected

Default status
unaffected

4.x.x (custom)
affected

Default status
unaffected

1.1 (custom)
affected

Default status
unaffected

1.1 (custom)
affected

Credits

ABB thanks Jos Wetzels from Midnight Blue (midnightblue.nl) for helping to identify the vulnerabilities and protecting our customers. (finder)

References

search.abb.com/...guageCode=en&DocumentPartId=&Action=Launch

cve.org (CVE-2024-8036)

nvd.nist.gov (CVE-2024-8036)
