CVE-2024-12429

An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system wide files and configuration All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=3ADR011377&LanguageCode=en&DocumentPartId=&Action=Launch
http://seclists.org/fulldisclosure/2025/Jan/5

Configurations

No configuration.

History

03 Nov 2025, 22:16

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2025/Jan/5 -
Summary		(es) Un atacante que aproveche con éxito estas vulnerabilidades podría otorgar acceso de lectura a los archivos. Existe una vulnerabilidad en la versión AC500 V3 mencionada. Un atacante autenticado con éxito puede usar esta vulnerabilidad para leer archivos y configuraciones de todo el sistema. Todos los productos AC500 V3 (PM5xxx) con una versión de firmware anterior a la 3.8.0 se ven afectados por esta vulnerabilidad.

07 Jan 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-07 17:15

Updated : 2025-11-03 22:16

NVD link : CVE-2024-12429

Mitre link : CVE-2024-12429

CVE.ORG link : CVE-2024-12429

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-12429", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.7}], "cvssMetricV40": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-01-07T17:15:20.527", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011377&LanguageCode=en&DocumentPartId=&Action=Launch", "source": "cybersecurity@ch.abb.com"}, {"url": "http://seclists.org/fulldisclosure/2025/Jan/5", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@ch.abb.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An attacker who successfully exploited these vulnerabilities could grant read access to files.\u00a0A vulnerability exists in the AC500 V3 version mentioned. A\u00a0successfully \nauthenticated attacker can use this vulnerability to read system wide files and configuration\n\n\nAll AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability."}, {"lang": "es", "value": "Un atacante que aproveche con \u00e9xito estas vulnerabilidades podr\u00eda otorgar acceso de lectura a los archivos. Existe una vulnerabilidad en la versi\u00f3n AC500 V3 mencionada. Un atacante autenticado con \u00e9xito puede usar esta vulnerabilidad para leer archivos y configuraciones de todo el sistema. Todos los productos AC500 V3 (PM5xxx) con una versi\u00f3n de firmware anterior a la 3.8.0 se ven afectados por esta vulnerabilidad."}], "lastModified": "2025-11-03T22:16:39.560", "sourceIdentifier": "cybersecurity@ch.abb.com"}