CVE-2024-12429
PUBLISHED
CVSS 4.3 MEDIUM
AC500 V3 PLC has a slot for memory cards that can be used, e.g., for logging purposes or for updating the firmware or the boot application. Because the AC500 V3 does not correctly validate the content of the memory card, a specifically crafted memory card can be used for directory traversal. A successfully authenticated attacker can use this vulnerability to read system-wide files and configuration.
EPSS 0.19% · 40.8th percentile
Risk Scores
CVSS v3.1
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
0.19%
40.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | AC500 V3 products (PM5xxx) | < 3.8.0 |
Timeline
- Jan 7, 2025 CVE Published
- Jan 7, 2025 PoC Published
- Jan 8, 2025 EPSS Score
- Jan 16, 2025 PoC Published
- Jan 20, 2025 Coalition ESS Score
- Jan 24, 2025 EPSS Score
References
- https://psirt.abb.com/csaf/2025/3adr011377.json advisory
- https://search.abb.com/library/Download.aspx?DocumentID=3ADR011377&LanguageCode=en&DocumentPartId=&Action=Launch advisory
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18027&token=43109051cf95d3445bc616e4efb8414336ebcc47&download= advisory
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18355&token=e3e5a937ce72602bec39718ddc2f4ba6d983ccd1&download= advisory
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18604&token=d5e1e2820ee63077b875b3bb41014b1f102e88a3&download= advisory
- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010315&LanguageCode=en&DocumentPartId=&Action=Launch advisory
- https://new.abb.com/plc/automationbuilder/platform/software advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-12429 advisory