CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12429 – ABB AC500v3 3.7.0.569 Directory Traversal / Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-12429
07 Jan 2025 — An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system wide files and configuration All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version ... • https://packetstorm.news/files/id/188713 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12430 – ABB AC500v3 3.7.0.569 Directory Traversal / Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-12430
07 Jan 2025 — An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which then will be executed by root user. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. An attacker who successfully exploi... • https://packetstorm.news/files/id/188713 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •