CVE-2024-12430: CWE-280: Improper Handling of Insufficient Permissions or Privileges in ABB AC500 V3
An attacker who successfully exploited these vulnerabilities could enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which will then be executed by the root user. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability.
AI Analysis
Technical Summary
CVE-2024-12430 is a vulnerability classified under CWE-280 (Improper Handling of Insufficient Permissions or Privileges) found in ABB's AC500 V3 series of programmable logic controllers (PLCs), specifically the PM5xxx models running firmware versions prior to 3.8.0. The vulnerability enables an attacker who has already gained authenticated access with low privileges to escalate to root-level command execution. This escalation is achieved through a chained attack that starts with CVE-2024-12429, a directory traversal vulnerability that allows the attacker to manipulate file paths. By crafting a malicious file through this directory traversal, the attacker can inject arbitrary commands that the system subsequently executes with root privileges. The vulnerability does not require user interaction but does require authentication with low privileges, making it a significant risk in environments where authentication controls are weak or compromised. The CVSS 4.0 base score of 7.3 reflects high severity: the vector indicates a local attack vector, high impact on confidentiality, integrity, and availability, and privileges required but no user interaction. The vulnerability affects all AC500 V3 PM5xxx products with firmware versions earlier than 3.8.0, which are widely used in industrial automation and control systems. No public exploits are known at this time, but the potential for severe operational disruption and unauthorized control is substantial.
Potential Impact
For European organizations, especially those in industrial automation, manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a significant threat. Successful exploitation could lead to unauthorized root-level command execution on PLCs, potentially disrupting industrial processes, causing physical damage, or enabling espionage and sabotage. The confidentiality, integrity, and availability of critical control systems could be compromised, leading to operational downtime, safety hazards, and financial losses. Given the widespread use of ABB AC500 V3 devices in European industrial environments, the risk extends to supply chain disruptions and national infrastructure security. The requirement for authentication limits exposure but does not eliminate risk, particularly if credential management is weak or if attackers gain initial footholds through other means. The absence of known exploits in the wild provides a window for proactive mitigation but also underscores the need for vigilance.
Mitigation Recommendations
1. Immediately upgrade all ABB AC500 V3 PM5xxx devices to firmware version 3.8.0 or later, where this vulnerability is patched.
2. Implement strict network segmentation and access controls to limit access to PLC management interfaces only to authorized personnel and systems.
3. Enforce strong authentication mechanisms, including multi-factor authentication where possible, to reduce the risk of credential compromise.
4. Monitor logs and network traffic for unusual activity indicative of attempted exploitation or unauthorized access.
5. Conduct regular security audits and vulnerability assessments of industrial control systems to identify and remediate weaknesses.
6. Develop and test incident response plans specific to industrial control system breaches to minimize impact if exploitation occurs.
7. Coordinate with ABB support and subscribe to vendor security advisories to stay informed about updates and patches.
8. Consider deploying application whitelisting or command execution restrictions on PLCs if supported, to limit the impact of injected commands.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: ABB
- Date Reserved: 2024-12-10T16:59:02.495Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69092618fe7723195e0b379a
Added to database: 11/3/2025, 10:00:56 PM
Last enriched: 11/3/2025, 11:44:13 PM
Last updated: 11/5/2025, 2:05:30 PM