Critical Vulnerability in ABB AC500 V3 PLCs

ABB has identified a critical vulnerability, tracked as CVE-2025-15467, affecting versions of its AC500 V3 programmable logic controllers (PLCs). An update is available that resolves this publicly reported vulnerability. An attacker who successfully exploited this vulnerability could cause a crash, a denial of service (DoS), or potentially achieve remote code execution.

Affected Versions

  • ABB AC500 V3 PM5xxx 3.9.0
  • ABB AC500 V3 PM5xxx 3.9.0_HF1

The AC500 V3 is a scalable range of PLCs deployed worldwide across critical infrastructure sectors such as Chemical, Critical Manufacturing, Energy, and Water and Wastewater. While the vulnerability has been publicly disclosed, ABB had not received any information indicating that it had been exploited when this security advisory was originally issued.

Vulnerability Details

The vulnerability, categorized as CWE-787 Out-of-bounds Write, occurs when parsing Cryptographic Message Syntax (CMS) (Auth)EnvelopedData structures that use AEAD ciphers like AES-GCM. Specifically, the Initialization Vector (IV) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Because the overflow occurs prior to authentication, no valid key material is required to trigger it.
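To make the defect class concrete, here is an added example in C that is not ABB firmware code: a parser for the GCMParameters structure carried in the content-encryption AlgorithmIdentifier of a CMS AuthEnvelopedData (RFC 5084 defines it as SEQUENCE { aes-nonce OCTET STRING, aes-ICVlen INTEGER DEFAULT 12 }), copying the nonce into a fixed-size stack buffer. The line marked as the CWE-787 check is the length validation whose absence the advisory describes; everything about the buffer size (MAX_IV_LEN), the error codes, the builder helper and the sample message is an assumption constructed for this example.

```c
/* Added example, not ABB firmware code: parsing the AES-GCM parameters of a
 * CMS AuthEnvelopedData content-encryption algorithm identifier
 * (RFC 5084: GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING,
 * aes-ICVlen INTEGER DEFAULT 12 }) into a fixed-size stack buffer, with the
 * IV-length check the advisory describes as missing. MAX_IV_LEN, the error
 * codes, the builder helper and the sample bytes are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_IV_LEN 16  /* assumed size of the fixed destination buffer */

enum { PARSE_OK = 0, PARSE_ERR_MALFORMED = -1, PARSE_ERR_IV_TOO_LONG = -2 };

struct gcm_params {
    uint8_t iv[MAX_IV_LEN]; /* the fixed-size buffer the IV is copied into */
    size_t iv_len;
    unsigned icv_len;       /* authentication tag length in bytes */
};

/* Read a DER tag and length (short form, or long form with 1 or 2 length bytes).
 * Fails if the tag differs or the declared body does not fit in the input. */
static int der_read_tl(const uint8_t *p, size_t avail, uint8_t want_tag,
                       size_t *hdr_len, size_t *body_len)
{
    if (avail < 2 || p[0] != want_tag) return -1;
    if (p[1] < 0x80)       { *hdr_len = 2; *body_len = p[1]; }
    else if (p[1] == 0x81) { if (avail < 3) return -1; *hdr_len = 3; *body_len = p[2]; }
    else if (p[1] == 0x82) { if (avail < 4) return -1; *hdr_len = 4;
                             *body_len = ((size_t)p[2] << 8) | p[3]; }
    else return -1;
    return (*body_len <= avail - *hdr_len) ? 0 : -1;
}

/* Parse GCMParameters. This runs before any key is used or any tag is checked,
 * so every length in it must be validated against the buffer it fills. */
int parse_gcm_params(const uint8_t *der, size_t len, struct gcm_params *out)
{
    size_t hl, bl;
    if (der_read_tl(der, len, 0x30, &hl, &bl) != 0) return PARSE_ERR_MALFORMED;
    const uint8_t *p = der + hl, *end = p + bl;

    if (der_read_tl(p, (size_t)(end - p), 0x04, &hl, &bl) != 0) return PARSE_ERR_MALFORMED;
    /* CWE-787 check: without it, a nonce longer than iv[] is memcpy'd past the
     * end of the stack buffer, with no key or tag verification having run yet. */
    if (bl == 0 || bl > MAX_IV_LEN) return PARSE_ERR_IV_TOO_LONG;
    memcpy(out->iv, p + hl, bl);
    out->iv_len = bl;
    p += hl + bl;

    out->icv_len = 12; /* DEFAULT value when aes-ICVlen is absent */
    if (p < end) {
        if (der_read_tl(p, (size_t)(end - p), 0x02, &hl, &bl) != 0 || bl != 1)
            return PARSE_ERR_MALFORMED;
        out->icv_len = p[hl];
        p += hl + bl;
    }
    return (p == end) ? PARSE_OK : PARSE_ERR_MALFORMED;
}

/* Test helper: encode GCMParameters with an iv_len-byte nonce of 0xA5 and no
 * aes-ICVlen field (short-form lengths only, so iv_len must be <= 125). */
size_t build_gcm_params(uint8_t *out, size_t iv_len)
{
    if (iv_len > 125) return 0;
    out[0] = 0x30; out[1] = (uint8_t)(iv_len + 2);
    out[2] = 0x04; out[3] = (uint8_t)iv_len;
    memset(out + 4, 0xA5, iv_len);
    return iv_len + 4;
}

/* Parse a message and return only the status code. */
int parse_status(const uint8_t *der, size_t len)
{
    struct gcm_params g;
    return parse_gcm_params(der, len, &g);
}

/* Build a message with the given nonce length and return the parse status. */
int parse_status_for_iv_len(size_t iv_len)
{
    uint8_t msg[132];
    size_t n = build_gcm_params(msg, iv_len);
    return parse_status(msg, n);
}

/* Constructed sample: 12-byte nonce followed by aes-ICVlen = 16. */
const uint8_t sample_with_icv[] = {
    0x30, 0x11, 0x04, 0x0C, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 0x02, 0x01, 0x10
};

/* Parse a message and return its ICV length, or 0 if parsing failed. */
unsigned parsed_icv_len(const uint8_t *der, size_t len)
{
    struct gcm_params g;
    return parse_gcm_params(der, len, &g) == PARSE_OK ? g.icv_len : 0;
}

int main(void)
{
    printf("12-byte IV: %d\n", parse_status_for_iv_len(12));  /* 0  (PARSE_OK) */
    printf("64-byte IV: %d\n", parse_status_for_iv_len(64));  /* -2 (rejected) */
    printf("ICV length: %u\n", parsed_icv_len(sample_with_icv, sizeof sample_with_icv)); /* 16 */
    return 0;
}
```

The point to take from the example is where the check sits: the nonce length is compared against the destination buffer inside the parser, before the key is touched, because a message only has to be well-formed enough to reach this code, not authenticated. A parser that instead trusted the ASN.1 length and copied first would fail exactly as the advisory describes. The same discipline applies to every other length read from the structure, which is why der_read_tl also refuses a body that extends past the input.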

Recommendations

ABB recommends that customers apply this update at their earliest convenience; the firmware version is released for all AC500 V3 PLC types and is available for download. No workarounds are available for this specific vulnerability. CISA recommends that users take defensive measures to minimize the risk of exploitation, including minimizing network exposure for all control system devices and systems and ensuring they are not accessible from the internet. Organizations should locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, more secure methods such as Virtual Private Networks (VPNs) should be used.

For more details, read the full article.

This post is licensed under CC BY 4.0 by the author.