ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves publicly reported vulnerability. An attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service (DoS), or potentially remote code execution.
The following versions of ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax are affected:
AC500 V3 PM5xxx 3.9.0, 3.9.0_HF1
Vendor
Equipment
ABB
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
Out-of-bounds Write
Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Water and Wastewater
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Switzerland
When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is ...