Command Execution Vulnerability in ABB AC500 V3 Products

CVE-2024-12430

What is CVE-2024-12430?

A vulnerability within ABB's AC500 V3 products allows for command execution when an attacker successfully exploits prior vulnerabilities such as directory traversal. Specifically, an authenticated attacker can craft a malicious file that, once executed, enables arbitrary commands by the root user. All PM5xxx models running firmware versions prior to 3.8.0 are susceptible to this risk, making it critical for organizations to update their firmware to safeguard against potential attacks.

References