CVE-2024-12430 in AC500 V3

Summary

by MITRE • 01/07/2025

An attacker who successfully exploited these vulnerabilities could enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which then will be executed by the root user. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability.

Analysis

by VulDB Data Team • 01/07/2025

This vulnerability represents a critical command injection flaw in AC500 V3 series devices, specifically affecting PM5xxx models running firmware versions prior to 3.8.0. The issue stems from inadequate input validation and sanitization within the device's file processing mechanisms, creating a pathway for authenticated attackers to execute arbitrary code with root privileges.

The vulnerability is particularly concerning as it leverages a successful directory traversal attack from CVE-2024-12429 to establish a command injection vector, demonstrating how multiple vulnerabilities can compound to create more severe security risks. The attack chain begins with directory traversal allowing the attacker to place malicious files in sensitive locations, followed by command injection that executes with elevated privileges due to the root user context. This type of vulnerability falls under CWE-78 which specifically addresses OS command injection flaws, where user-supplied data is directly incorporated into system commands without proper sanitization. The exploitation requires authentication, making it less trivial than unauthenticated attacks but still highly dangerous given the root-level execution privileges.

The affected devices represent industrial control systems where command execution with administrative privileges could lead to complete system compromise and potential operational technology disruption. This vulnerability aligns with ATT&CK technique T1059.001 for command and script injection, and T1068 for exploit for privilege escalation, as the initial directory traversal provides a foothold for privilege escalation through command execution. The root cause lies in improper input validation and the lack of proper sanitization of user-controllable data before incorporating it into system commands. The vulnerability impacts the device's integrity and availability, as successful exploitation could allow attackers to modify system configurations, install backdoors, or completely disable the device. The affected firmware versions indicate a widespread issue affecting multiple devices in the AC500 V3 product line, suggesting that the vulnerability may be present in various configurations and deployment scenarios.

Organizations should immediately assess their deployment of these devices and implement firmware updates to version 3.8.0 or later to remediate the vulnerability. Network segmentation and access controls should be implemented to limit access to these devices to authorized personnel only, while monitoring for suspicious file upload activities or command execution patterns.

The vulnerability highlights the importance of secure coding practices in industrial control systems, particularly around input validation and privilege management. Given the potential for operational technology disruption, organizations should also develop incident response procedures to address potential exploitation attempts and maintain system integrity through regular security assessments. The vulnerability demonstrates how seemingly isolated issues can combine to create more severe security risks, emphasizing the need for comprehensive security testing and vulnerability management processes. The impact extends beyond simple command execution to potentially compromise the entire operational technology infrastructure that relies on these devices for control and monitoring functions.
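
For the deployment assessment recommended above, the following added example (not part of the VulDB entry and not ABB tooling) triages an asset inventory for PM5xxx devices running firmware earlier than 3.8.0. The CSV column names, the model regex and the dotted-numeric version format are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

FIXED = (3, 8, 0)  # first fixed firmware version, per the advisory
# Assumption: "PM5xxx" shows up in the inventory as PM5 followed by three digits.
MODEL_RE = re.compile(r"^PM5\d{3}", re.I)

# Constructed sample inventory (hosts, models and versions are made up).
SAMPLE = """host,model,firmware
plc-line1,PM5630-2ETH,3.7.2
plc-line2,PM5650-2ETH,V3.8.0
plc-line3,PM5670-2ETH,3.10.1
plc-line4,PM5012-T-ETH,3.8
plc-pack1,PM5072-T-2ETH,
plc-old1,PM573-ETH,2.8.4
plc-test,PM5675-2ETH,3.6.5.1234
"""

def parse_version(text):
    """Return a numeric tuple padded to three parts, or None if unparseable."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))

def classify(model, firmware):
    """Map one inventory row to affected / fixed / unknown / out-of-scope."""
    if not MODEL_RE.match(model.strip()):
        return "out-of-scope"
    version = parse_version(firmware or "")
    if version is None:
        return "unknown"  # missing or odd version: needs manual review
    # Tuple comparison is numeric, so 3.10.1 sorts after 3.8.0.
    return "affected" if version < FIXED else "fixed"

def triage(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["model"], r.get("firmware")) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```

Devices reported as "unknown" should be treated as unpatched until their firmware version is confirmed.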

Responsible: ABB
Reservation: 12/10/2024
Disclosure: 01/07/2025
Moderation: accepted
CPE: ready
EPSS: 0.00333
KEV: no
Activities: very low
