ABB AC500 V3 Command Execution Vulnerability via Directory Traversal

Vulnerability

A command execution vulnerability has been identified in ABB AC500 V3 products (PM5xxx) with firmware versions prior to 3.8.0. This vulnerability arises from a directory traversal issue (CVE-2024-12429), which allows a successfully authenticated attacker to inject arbitrary commands into a specially crafted file. The injected commands are then executed by the root user.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution with root privileges.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ABB AC500 V3 Command Execution Vulnerability via Directory Traversal

Vulnerability

Impact

Affected Products

ABB AC500 V3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating