AC500 V3 Stack buffer overflow in Cryptographic Message Syntax
Act Now9.83ADR011536Mar 12, 2026
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
ABB AC500 V3 PLC contains a stack buffer overflow vulnerability in the cryptographic message syntax handler. An attacker who successfully exploits this vulnerability could cause the device to crash (denial-of-service), or potentially achieve remote code execution on the PLC. The vulnerability affects AC500 V3 PM5xxx running firmware version 3.9.0 and is fixed in firmware version 3.9.0 HF1.
What this means
What could happen
A stack buffer overflow in the AC500 V3 PLC's cryptographic message processing could allow a remote attacker to crash the device or potentially execute arbitrary code, disrupting control logic and process operations.
Who's at risk
Any organization running ABB AC500 V3 PLC controllers (PM5xxx series) should apply this update. This affects manufacturers using AC500 V3 PLCs for automation, water treatment, power distribution, and other process control applications where these controllers are deployed.
How it could be exploited
An attacker sends a specially crafted message containing more data than the cryptographic message handler expects, overflowing the stack buffer. This could overwrite memory containing return addresses or other critical data, allowing the attacker to either crash the PLC or redirect execution to malicious code.
Prerequisites
- Network access to the AC500 V3 PLC's cryptographic message interface
- No authentication required to send the malicious message
Remotely exploitableNo authentication requiredLow complexityHigh CVSS score (9.8)Affects industrial control systemAffects critical automation device
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (1)
ProductAffected VersionsFix Status
AC500 V3 PM5xxx3.9.03.9.0 HF1
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate AC500 V3 PM5xxx firmware to version 3.9.0 HF1 or later
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/2ecd78f8-9d82-40a8-aeed-caead26ea317