AC500 V3 Multiple vulnerabilities

Plan Patch | CVSS 8.8 | 3adr011377 | Jan 7, 2025
ABB | Manufacturing
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in AC500 V3 PLCs (PM5xxx) allow an attacker with valid credentials to execute shell commands, read files, and grant unauthorized access. Unauthenticated attackers can crash the PLC processor or its web interface. Vulnerabilities include: CVE-2023-6357 (shell function execution), CVE-2024-5000 (PLC crash), CVE-2024-8175 (web server crash), CVE-2024-12429 (file read access), and CVE-2024-12430 (command execution). Three vulnerabilities (CVE-2023-6357, CVE-2024-12429, CVE-2024-12430) require authentication; two (CVE-2024-5000, CVE-2024-8175) do not.

What this means
What could happen
An attacker with valid credentials could run arbitrary commands on the PLC, alter its configuration, or crash the device, disrupting plant operations. Unauthenticated attackers could also crash the PLC's web interface, causing loss of remote monitoring and control access.
Who's at risk
Manufacturing facilities operating ABB AC500 V3 PLCs (PM5xxx series) should apply this update. Any plant using these controllers for process automation, machine control, or safety-related functions should prioritize patching.
How it could be exploited
An attacker with network access to the AC500 V3 PLC's control interface and valid engineering credentials could authenticate and execute shell commands directly on the device. For unauthenticated attacks, an attacker on the network could send crafted requests to crash the PLC's web server or trigger denial-of-service conditions on the main processor.
Prerequisites
  • Network access to the AC500 V3 PLC (TCP/IP)
  • Valid PLC credentials (username/password) for authenticated vulnerabilities
  • Knowledge of command execution or file access functions
remotely exploitable | requires valid credentials for most attacks | no authentication required for denial-of-service | low complexity | affects industrial process control | multiple vulnerability types (RCE, DoS, information disclosure)
Exploitability
Some exploitation risk — EPSS score 1.2%
Affected products (1)
Product | Affected Versions | Fix Status
AC500 V3 products (PM5xxx) < 3.8.0 | <3.8.0 | 3.8.0
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the PLC's control interface to authorized engineering workstations and HMI systems only
HARDENING: Enforce strong, unique credentials for all PLC user accounts and disable any default accounts
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update AC500 V3 firmware to version 3.8.0 or later using Automation Builder 2.8.0 or newer
Long-term hardening
HARDENING: Place the PLC on a separate control network segment isolated from untrusted networks
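
To apply the remediation items above across a fleet, the following added example (not part of the original advisory or any ABB tooling) triages an asset inventory against the 3.8.0 fix version and attaches the advisory's "do now" actions to each affected device. The inventory columns, host names, segment labels and sample rows are assumptions constructed for illustration.

```python
import csv
import io

FIXED = (3, 8, 0)  # first fixed firmware version named in the advisory
UNAUTH = "CVE-2024-5000, CVE-2024-8175"                  # no credentials needed
AUTH = "CVE-2023-6357, CVE-2024-12429, CVE-2024-12430"   # valid credentials needed

# Constructed sample inventory: hosts, column names and segment labels are assumptions.
SAMPLE = """host,model,firmware,segment,default_account_enabled
plc-line1,PM5630,3.6.1,control,no
plc-line2,PM5650,3.8.0,control,no
plc-pack1,PM5670,3.7.2,office,yes
plc-test,PM5630,3.10.0,control,no
hmi-01,OTHER-HMI,1.2.0,control,no
"""

def parse_version(text):
    """Turn '3.7' or '3.10.0' into a comparable tuple, padded to three parts."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(inventory_csv):
    """Return affected PM5xxx devices with the advisory actions that apply to each."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not row["model"].upper().startswith("PM5"):
            continue  # advisory covers AC500 V3 (PM5xxx) only
        if parse_version(row["firmware"]) >= FIXED:
            continue  # numeric compare, so 3.10.0 is correctly newer than 3.8.0
        actions = ["update firmware to 3.8.0 or later (maintenance window)"]
        if row["segment"] != "control":
            actions.append("restrict network access now: exposed to " + UNAUTH)
        if row["default_account_enabled"] == "yes":
            actions.append("disable default account now: authenticated " + AUTH)
        findings.append({"host": row["host"], "firmware": row["firmware"],
                         "actions": actions})
    # Devices needing the most immediate actions come first.
    return sorted(findings, key=lambda f: len(f["actions"]), reverse=True)

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["host"], f["firmware"])
        for action in f["actions"]:
            print("  -", action)
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 3.10.0 below 3.8.0 and wrongly flag a patched device.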