CVE-2024-12429
📋 TL;DR
An authenticated attacker can exploit this vulnerability in AC500 V3 products to read system-wide files and configurations. This affects all AC500 V3 (PM5xxx) products running firmware versions earlier than 3.8.0.
💻 Affected Systems
- ABB AC500 V3 (PM5xxx series)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains access to sensitive configuration files, passwords, or system files, potentially enabling further system compromise or data exfiltration.
Likely Case
Unauthorized reading of configuration files containing network settings, device credentials, or operational parameters.
If Mitigated
Limited impact if proper network segmentation and access controls prevent authenticated attackers from reaching vulnerable systems.
🎯 Exploit Status
Exploitation requires authenticated access; CWE-22 indicates improper path validation allowing directory traversal.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware version 3.8.0 or later
Vendor Advisory: https://search.abb.com/library/Download.aspx?DocumentID=3ADR011377&LanguageCode=en&DocumentPartId=&Action=Launch
Restart Required: Yes
Instructions:
1. Download firmware version 3.8.0 or later from ABB. 2. Backup current configuration. 3. Apply firmware update following ABB documentation. 4. Verify successful update and restore configuration if needed.
🔧 Temporary Workarounds
Network Segmentation
allIsolate AC500 devices on separate network segments with strict access controls.
Access Control Hardening
allImplement strong authentication mechanisms and limit user accounts with access to AC500 devices.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate AC500 devices from untrusted networks
- Enforce strong authentication policies and regularly audit user accounts with device access
🔍 How to Verify
Check if Vulnerable:
Check firmware version on AC500 device via web interface or diagnostic tools; if version is earlier than 3.8.0, device is vulnerable.Check Version:
Check via device web interface or use ABB diagnostic tools to query firmware versionVerify Fix Applied:
Confirm firmware version is 3.8.0 or later after update; test file access attempts to verify path traversal is blocked.📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns
- Multiple failed authentication attempts followed by successful login and file access
Network Indicators:
- Unexpected HTTP requests to file paths outside normal parameters
- Traffic to AC500 devices from unauthorized sources
SIEM Query:
source="ac500" AND (event_type="file_access" OR uri CONTAINS "../")