{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-12429", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2024-12-10T16:58:59.932Z", "datePublished": "2025-01-07T16:53:41.269Z", "dateUpdated": "2025-11-03T21:52:21.557Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AC500 V3", "vendor": "ABB", "versions": [{"lessThan": "3.8.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "ABB acknowledges and extends gratitude to D. Blagojevic, S. Dietz and T. Weber of CyberDanube for responsibly disclosing the vulnerability and providing valuable input on product improvements."}], "datePublic": "2025-01-07T04:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An attacker who successfully exploited these vulnerabilities could grant read access to files.&nbsp;A vulnerability exists in the AC500 V3 version mentioned. A&nbsp;successfully \nauthenticated attacker can use this vulnerability to read system wide files and configuration\n\n<br>All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability.\n\n<br>"}], "value": "An attacker who successfully exploited these vulnerabilities could grant read access to files.\u00a0A vulnerability exists in the AC500 V3 version mentioned. A\u00a0successfully \nauthenticated attacker can use this vulnerability to read system wide files and configuration\n\n\nAll AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2025-01-07T16:53:41.269Z"}, "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011377&LanguageCode=en&DocumentPartId=&Action=Launch"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-07T17:44:40.619843Z", "id": "CVE-2024-12429", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-07T17:45:25.384Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Jan/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:52:21.557Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Jan/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:52:21.557Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12429", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-07T17:44:40.619843Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-07T17:43:13.110Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "ABB acknowledges and extends gratitude to D. Blagojevic, S. Dietz and T. Weber of CyberDanube for responsibly disclosing the vulnerability and providing valuable input on product improvements."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ABB", "product": "AC500 V3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.8.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-01-07T04:30:00.000Z", "references": [{"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011377&LanguageCode=en&DocumentPartId=&Action=Launch"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An attacker who successfully exploited these vulnerabilities could grant read access to files.\u00a0A vulnerability exists in the AC500 V3 version mentioned. A\u00a0successfully \nauthenticated attacker can use this vulnerability to read system wide files and configuration\n\n\nAll AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "An attacker who successfully exploited these vulnerabilities could grant read access to files.&nbsp;A vulnerability exists in the AC500 V3 version mentioned. A&nbsp;successfully \nauthenticated attacker can use this vulnerability to read system wide files and configuration\n\n<br>All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability.\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2025-01-07T16:53:41.269Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12429", "state": "PUBLISHED", "dateUpdated": "2025-11-03T21:52:21.557Z", "dateReserved": "2024-12-10T16:58:59.932Z", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "datePublished": "2025-01-07T16:53:41.269Z", "assignerShortName": "ABB"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "product": "AC500 V3", "vendor": "ABB", "versions": [{"lessThan": "3.8.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "source": "cybersecurity@ch.abb.com"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker who successfully exploited these vulnerabilities could grant read access to files.\u00a0A vulnerability exists in the AC500 V3 version mentioned. A\u00a0successfully \nauthenticated attacker can use this vulnerability to read system wide files and configuration\n\n\nAll AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability."}, {"lang": "es", "value": "Un atacante que aproveche con \u00e9xito estas vulnerabilidades podr\u00eda otorgar acceso de lectura a los archivos. Existe una vulnerabilidad en la versi\u00f3n AC500 V3 mencionada. Un atacante autenticado con \u00e9xito puede usar esta vulnerabilidad para leer archivos y configuraciones de todo el sistema. Todos los productos AC500 V3 (PM5xxx) con una versi\u00f3n de firmware anterior a la 3.8.0 se ven afectados por esta vulnerabilidad."}], "id": "CVE-2024-12429", "lastModified": "2026-06-17T06:59:42.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-12429", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2025-01-07T17:44:40.619843Z", "version": "2.0.3"}}]}, "published": "2025-01-07T17:15:20.527", "references": [{"source": "cybersecurity@ch.abb.com", "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011377&LanguageCode=en&DocumentPartId=&Action=Launch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Jan/5"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}

{}

{}