Command Execution Vulnerability in ABB AC500 V3 Products
CVE-2024-12430

7.3 HIGH

Key Information:

Vendor

ABB

Status
Vendor
CVE Published: 7 January 2025

What is CVE-2024-12430?

A vulnerability in ABB's AC500 V3 products allows command execution once an attacker has successfully exploited prior vulnerabilities such as directory traversal. Specifically, an authenticated attacker can craft a malicious file that, once executed, runs arbitrary commands as the root user. All PM5xxx models running firmware versions prior to 3.8.0 are susceptible, making it critical for organizations to update their firmware to safeguard against potential attacks.

Affected Version(s)

AC500 V3 0 < 3.8.0

CVSS V4

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published