Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which then will be executed by root user. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
不充分权限或特权的处理不恰当
Vulnerability Title
ABB AC500 安全漏洞
Vulnerability Description
ABB AC500是瑞士ABB公司的一款可编程逻辑控制器 PLC。 ABB AC500 V3 3.8.0之前版本存在安全漏洞,该漏洞源于存在目录遍历漏洞,导致通过身份验证的攻击者可将任意命令注入特制文件,然后由root用户执行。
CVSS Information
N/A
Vulnerability Type
N/A