CVE-2024-8175
PUBLISHED
CVSS 7.5 HIGH
The AC500 V3 web server, implemented by the CmpWebServer component, is an optional part of the runtime system. It is used by the AC500 V3 WebVisu to display visualization screens in a web browser. The AC500 V3 web server supports both the HTTP and HTTPS protocols. Because the AC500 V3 web server does not correctly check the return value of an underlying function, it mishandles specially crafted TLS packets received over an HTTPS connection. As a result, the web server accesses invalid memory and the web server task crashes.
EPSS 0.89% · 75.9th percentile
Risk Scores
- CVSS 3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
- EPSS Score: 0.89% (75.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | AC500 V3 products (PM5xxx) | < 3.8.0 |
Timeline
- Sep 23, 2024 CVE Published
- Sep 26, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Oct 15, 2024 EPSS Score
- Nov 4, 2024 EPSS Score
- Nov 23, 2024 EPSS Score
- Dec 13, 2024 EPSS Score
- Jan 2, 2025 EPSS Score
- Jan 7, 2025 CVE Updated
- Jan 21, 2025 EPSS Score
- Feb 9, 2025 EPSS Score
- Feb 28, 2025 EPSS Score
References
- https://psirt.abb.com/csaf/2025/3adr011377.json advisory
- https://search.abb.com/library/Download.aspx?DocumentID=3ADR011377&LanguageCode=en&DocumentPartId=&Action=Launch advisory
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18027&token=43109051cf95d3445bc616e4efb8414336ebcc47&download= advisory
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18355&token=e3e5a937ce72602bec39718ddc2f4ba6d983ccd1&download= advisory
- https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=18604&token=d5e1e2820ee63077b875b3bb41014b1f102e88a3&download= advisory
- https://search.abb.com/library/Download.aspx?DocumentID=3ADR010315&LanguageCode=en&DocumentPartId=&Action=Launch advisory
- https://new.abb.com/plc/automationbuilder/platform/software advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-8175 advisory