ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax


Summary

ABB became aware of a vulnerability in the product versions listed as affected in this advisory. An update is available that resolves the publicly reported vulnerability. An attacker who successfully exploited this vulnerability could cause a crash, denial of service (DoS), or potentially remote code execution.

The following versions of ABB AC500 V3 are affected:

  • AC500 V3 PM5xxx 3.9.0, 3.9.0_HF1

  • CVSS: v3 9.8
  • Vendor: ABB
  • Equipment: ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
  • Vulnerabilities: Out-of-bounds Write

Background

  • Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Water and Wastewater
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Switzerland

Vulnerabilities


CVE-2025-15467

When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.
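The missing length check described above, as an added example written for this page (not ABB's or any vendor's code): a minimal bounds-checked parser for the GCMParameters nonce in C, which rejects an oversized or inconsistently encoded IV before anything is copied into the fixed-size buffer. GCM_NONCE_MAX, the function names and the two DER samples are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Largest GCM nonce accepted; assumption: this equals the destination buffer size. */
#define GCM_NONCE_MAX 16
enum { GCM_OK = 0, GCM_ERR_TRUNCATED = -1, GCM_ERR_TAG = -2, GCM_ERR_NONCE_TOO_LONG = -3 };

/* Parse GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING, aes-ICVlen INTEGER DEFAULT 12 }
 * (RFC 5084, short-form DER lengths only) and copy the nonce into a fixed-size caller
 * buffer. Each length is validated against the bytes that remain, and the nonce length
 * is compared with the destination size before a single byte is copied. */
int parse_gcm_nonce(const uint8_t *der, size_t der_len,
                    uint8_t nonce[GCM_NONCE_MAX], size_t *nonce_len) {
    if (der_len < 4) return GCM_ERR_TRUNCATED;
    if (der[0] != 0x30) return GCM_ERR_TAG;                 /* SEQUENCE tag */
    if (der[1] & 0x80) return GCM_ERR_TRUNCATED;            /* long-form length: unsupported */
    size_t seq_len = der[1];
    if (seq_len + 2 > der_len || seq_len < 2) return GCM_ERR_TRUNCATED;
    const uint8_t *body = der + 2;
    if (body[0] != 0x04) return GCM_ERR_TAG;                /* OCTET STRING tag */
    if (body[1] & 0x80) return GCM_ERR_TRUNCATED;
    size_t str_len = body[1];
    if (str_len + 2 > seq_len) return GCM_ERR_TRUNCATED;    /* nonce must lie inside the SEQUENCE */
    /* The bounds check the advisory describes as missing: the encoded length is untrusted
     * input and must never drive a copy into a fixed-size stack buffer unchecked. */
    if (str_len > GCM_NONCE_MAX) return GCM_ERR_NONCE_TOO_LONG;
    memcpy(nonce, body + 2, str_len);
    *nonce_len = str_len;
    return GCM_OK;
}

/* Wrapper for the samples below: the parsed nonce length, or a negative status code. */
long parsed_nonce_len(const uint8_t *der, size_t der_len) {
    uint8_t nonce[GCM_NONCE_MAX];
    size_t n = 0;
    int rc = parse_gcm_nonce(der, der_len, nonce, &n);
    return rc == GCM_OK ? (long)n : rc;
}

/* Constructed sample: 12-byte nonce followed by aes-ICVlen 16. */
const uint8_t SAMPLE_OK[] = { 0x30, 0x11, 0x04, 0x0c, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
                              0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x02, 0x01, 0x10 };
/* Constructed sample: well-formed DER whose 24-byte nonce exceeds GCM_NONCE_MAX. */
const uint8_t SAMPLE_OVERSIZED[] = { 0x30, 0x1a, 0x04, 0x18,
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 };
```

The same check applies to any other DER-carried length that feeds a fixed buffer (tag length, key identifiers), and a fuzz harness over parse_gcm_nonce is a cheap regression test for it.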


Affected Products

ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
  • Vendor: ABB
  • Product Version: ABB AC500 V3 PM5xxx Firmware Version 3.9.0
  • Product Status: fixed, known_affected

Remediations

Vendor fix
The problem is corrected in the following product version:
  • AC500 V3 firmware version 3.9.0 HF1
ABB recommends that customers apply the update at the earliest convenience. This firmware version is released for all AC500 V3 PLC types and is available for download from the ABB library: https://search.abb.com/library/Download.aspx?DocumentID=3ADR011537&LanguageCode=en&DocumentPartId=&Action=Launch

Mitigation
Refer to the section “General security recommendations” for further advice on how to keep your system secure.

Workaround
No workarounds are available

Relevant CWE: CWE-787 Out-of-bounds Write


Metrics

  • CVSS Version: 3.1
  • Base Score: 9.8
  • Base Severity: CRITICAL
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Acknowledgments

  • ABB PSIRT reported this vulnerability to CISA.

Notice

The information in this document is subject to change without notice, and should not be construed as a commitment by ABB. ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if ABB or its suppliers have been advised of the possibility of such damages. This document and pa

[…]

This article has been indexed from All CISA Advisories
