AC500 V2 Buffer overread on Modbus protocol
CVSS 5.83 · Advisory ID adr011432 · Jul 23, 2025
Vendor: ABB · Sector: Manufacturing
Attack path
- Attack Vector: Network
- Auth Required: None
- Complexity: Low
- User Interaction: None needed
Summary
A buffer overread vulnerability in ABB AC500 V2 allows an unauthenticated attacker with network access to the Modbus port to read fragments of previously transmitted Modbus telegrams from the PLC. This could expose sensitive process data, setpoints, or historical command information. The vulnerability affects AC500 V2 firmware versions 2.5.2 and earlier.
What this means
What could happen
An attacker with network access to the Modbus protocol port can read fragments of previously transmitted data from the PLC, potentially exposing sensitive information like process parameters, sensor readings, or control commands.
Who's at risk
Manufacturing facilities and utilities using ABB AC500 V2 PLCs with Modbus communication. This affects any plant where the AC500 V2 is networked and receives Modbus queries from maintenance tools, SCADA systems, or HMIs.
How it could be exploited
An attacker sends a specially crafted Modbus query to the AC500 V2 PLC over the network. Due to a buffer overread vulnerability, the device responds with fragments of old Modbus telegrams stored in memory, leaking data that was transmitted in earlier communications.
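The data-leak pattern described above is visible on the wire: a read response that carries more register bytes than the matching request asked for. The following detection script is an added example, not part of the original advisory or of any ABB tooling. It parses Modbus/TCP frames (MBAP header plus PDU), pairs requests with responses by transaction and unit ID, and flags over-length responses to Read Holding/Input Registers. The sample frames are constructed for the example; the leaked trailing bytes in the second response are made up to illustrate the anomaly, not captured from a real device.

```python
"""Flag Modbus/TCP read responses that carry more data than the request asked for.

Added example (not from the advisory). Input is a list of (direction, raw_bytes)
pairs as a passive monitor or pcap parser would produce; direction is "req" or "rsp".
"""
import struct
from dataclasses import dataclass

READ_REGISTER_FCS = {3, 4}  # Read Holding Registers / Read Input Registers


@dataclass
class Frame:
    tid: int        # MBAP transaction id
    unit: int       # MBAP unit id
    fc: int         # function code
    data: bytes     # PDU bytes after the function code


def parse_frame(raw: bytes) -> Frame:
    """Parse one Modbus/TCP ADU and verify the MBAP length field against the bytes present."""
    if len(raw) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", raw[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    # MBAP length counts unit id + PDU, i.e. everything after the first 6 bytes.
    if length != len(raw) - 6:
        raise ValueError(f"MBAP length {length} does not match {len(raw) - 6} bytes on the wire")
    return Frame(tid, unit, raw[7], raw[8:])


def find_overlong_responses(frames):
    """Return one finding dict per read response that returns more bytes than requested."""
    pending = {}     # (tid, unit) -> registers requested
    findings = []
    for direction, raw in frames:
        f = parse_frame(raw)
        key = (f.tid, f.unit)
        if direction == "req":
            if f.fc in READ_REGISTER_FCS and len(f.data) == 4:
                _start, qty = struct.unpack(">HH", f.data)
                pending[key] = qty
            continue
        if f.fc & 0x80:          # exception response: no register payload to check
            pending.pop(key, None)
            continue
        if f.fc not in READ_REGISTER_FCS or key not in pending:
            continue
        qty = pending.pop(key)
        expected = 2 * qty        # 16-bit registers
        byte_count = f.data[0]
        received = len(f.data) - 1
        if byte_count != received or received > expected:
            findings.append({
                "tid": f.tid, "unit": f.unit, "fc": f.fc,
                "requested_bytes": expected, "received_bytes": received,
                "declared_byte_count": byte_count,
                "extra": received - expected,
            })
    return findings


# Constructed sample exchange (not a real capture):
# 1) read 2 holding registers at 0, normal 4-byte response
# 2) read 1 holding register at 0x10, response declares 6 data bytes (4 more than asked)
SAMPLE_FRAMES = [
    ("req", bytes.fromhex("000100000006010300000002")),
    ("rsp", bytes.fromhex("000100000007010304000A0014")),
    ("req", bytes.fromhex("000200000006010300100001")),
    ("rsp", bytes.fromhex("000200000009010306002A01030000")),
]

if __name__ == "__main__":
    for finding in find_overlong_responses(SAMPLE_FRAMES):
        print(f"tid={finding['tid']} unit={finding['unit']}: response returned "
              f"{finding['received_bytes']} bytes for a {finding['requested_bytes']}-byte read "
              f"(+{finding['extra']} unexplained bytes)")
```

In a real deployment the same check runs over frames reassembled from TCP port 502 traffic between the PLC and its SCADA/HMI clients; a burst of findings from one unit ID is the signal to prioritise the firmware update for that device and to review what the extra bytes contained.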
Prerequisites
- Network access to the Modbus protocol port (typically TCP 502)
- AC500 V2 firmware version 2.5.2 or earlier
Tags: remotely exploitable · no authentication required · low complexity · information disclosure
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| AC500 V2 | ≥ 2.5.2 | 2.5.3 |
Remediation & Mitigation
- Schedule — requires maintenance window
- Patching may require device reboot — plan for process interruption
- HOTFIX: Update AC500 V2 firmware to version 2.5.3 or later
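Deciding which controllers still need the 2.5.3 update is a version comparison, and comparing firmware strings lexically gets it wrong once a component reaches two digits. The helper below is an added example (not ABB's tooling); it parses dotted version strings numerically and filters an inventory of AC500 V2 devices against the fixed version the advisory names. The inventory entries are constructed sample data.

```python
"""Identify AC500 V2 devices below the fixed firmware version 2.5.3.

Added example, not part of the advisory. Versions are compared as integer tuples,
so "2.5.10" correctly sorts above "2.5.3" (a plain string comparison would not).
"""

FIXED_VERSION = (2, 5, 3)   # from the advisory: update to 2.5.3 or later


def parse_version(version: str) -> tuple:
    """Turn '2.5.2' into (2, 5, 2); reject anything that is not dotted integers."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the firmware is older than the fixed release."""
    return parse_version(version) < FIXED_VERSION


def devices_needing_update(inventory):
    """Return the names of inventory entries (name, firmware) still on affected firmware."""
    return [name for name, fw in inventory if is_affected(fw)]


# Constructed sample inventory (hypothetical device names and firmware strings).
SAMPLE_INVENTORY = [
    ("plc-line1", "2.5.2"),
    ("plc-line2", "2.5.3"),
    ("plc-line3", "2.4.9"),
    ("plc-line4", "2.5.10"),
]

if __name__ == "__main__":
    for name in devices_needing_update(SAMPLE_INVENTORY):
        print(f"{name}: schedule firmware update to 2.5.3 or later")
```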
CVEs (1)
API: /api/v1/advisories/46fd21c3-49b8-42b0-9cca-f778c2de7518