AC500 V3 Stack buffer overflow in Cryptographic Message Syntax
Plan Patch · CVSS 9.8 · 3ADR011536 · Mar 12, 2026
ABB
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A stack buffer overflow vulnerability exists in ABB AC500 V3 PM5xxx firmware version 3.9.0 in the cryptographic message syntax processing code. An attacker who successfully exploits this vulnerability could cause a crash, denial-of-service, or potentially remote code execution on the PLC.
What this means
What could happen
An attacker could crash the PLC or run arbitrary code on it, potentially altering process control logic, stopping operations, or causing equipment damage. A denial-of-service attack could interrupt plant operations by forcing an unplanned PLC restart.
Who's at risk
Facilities running ABB AC500 V3 PM5xxx PLCs—including water treatment plants, power generation stations, and industrial automation systems that rely on these controllers for process control and safety interlocks—need to patch immediately to prevent potential takeover or denial-of-service attacks.
How it could be exploited
An attacker with network access to the PLC could send a specially crafted cryptographic message to trigger the stack buffer overflow. If successful, the attacker could execute commands on the PLC with the same privileges as the firmware.
Prerequisites
- Network access to the AC500 V3 PLC
- Ability to send crafted network packets to the cryptographic message processing port
remotely exploitable, no authentication required, low complexity, high CVSS score (9.8), potential for code execution
Exploitability
Some exploitation risk — EPSS score 2.1%
Public Proof-of-Concept (PoC) on GitHub (4 repositories)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| AC500 V3 PM5xxx | 3.9.0 | 3.9.0 HF1 |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update AC500 V3 PM5xxx firmware to version 3.9.0 HF1 or later
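An added example, not part of the ABB advisory or any ABB tool: a triage script that sorts an asset inventory against the Affected products entry above. The inventory layout and asset names are assumptions, as is the firmware string format (written the way this page writes it, "3.9.0" and "3.9.0 HF1").

```python
import re

# Firmware strings as this page writes them: "3.9.0", "3.9.0 HF1" (assumed format).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE)
AFFECTED = (3, 9, 0, 0)  # 3.9.0 with no hotfix, per the advisory
FIXED = (3, 9, 0, 1)     # 3.9.0 HF1, per the advisory

def parse_firmware(text):
    """Return (major, minor, patch, hotfix) or None if the string is not understood."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    major, minor, patch, hf = m.groups()
    return (int(major), int(minor), int(patch), int(hf or 0))

def triage(version_text):
    """Classify one firmware string against the advisory's version table."""
    v = parse_firmware(version_text)
    if v is None:
        return "unknown"      # unparseable: check the device by hand
    if v == AFFECTED:
        return "affected"
    if v >= FIXED:
        return "fixed"        # 3.9.0 HF1 or later
    return "not-listed"       # older than 3.9.0: the advisory makes no statement

def triage_inventory(rows):
    """rows: iterable of (asset_name, firmware_string). Returns {status: [asset, ...]}."""
    report = {"affected": [], "fixed": [], "not-listed": [], "unknown": []}
    for asset, fw in rows:
        report[triage(fw)].append(asset)
    return report

# Constructed sample inventory (asset names are made up for this example).
SAMPLE_INVENTORY = [
    ("plc-pump-01", "3.9.0"),
    ("plc-pump-02", "3.9.0 HF1"),
    ("plc-mixer-01", "3.8.1"),
    ("plc-mixer-02", "3.9.0hf2"),
    ("plc-spare-01", "n/a"),
]

if __name__ == "__main__":
    for status, assets in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status:11s} {', '.join(assets) or '-'}")
```

Devices reported as "not-listed" or "unknown" are not cleared by this check; the page only names 3.9.0 as affected, so confirm those against the vendor advisory.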
CVEs (1)