ABB AC500 V3 PLC Buffer Overflow in Cryptographic Message Syntax: CVE-2025-15467
ABB disclosed a high-severity stack-based buffer overflow vulnerability (CVE-2025-15467, CVSS 9.8) in its AC500 V3 PM5xxx Programmable Logic Controllers running firmware versions 3.9.0 and 3.9.0_HF1. The vulnerability resides in the parsing of CMS (Auth)EnvelopedData structures that use AEAD ciphers like AES-GCM. An attacker can supply a crafted CMS message with an oversized Initialization Vector (IV) encoded in ASN.1 parameters, causing a stack buffer overflow before any authentication or tag verification. Since the overflow occurs prior to authentication, no valid key material is required to trigger it, making it exploitable without prior access. Successful exploitation could lead to a system crash, denial-of-service, or potentially remote code execution depending on platform mitigations. The vulnerability was publicly disclosed; ABB received no reports of active exploitation. ABB has released a fix, and CISA recommends users update affected firmware and implement defensive measures such as network segmentation, firewall protection, and VPN use for remote access. Critical infrastructure sectors including Chemical, Critical Manufacturing, Energy, and Water/Wastewater are affected worldwide.
Key facts
- Stack buffer overflow in ABB AC500 V3 PM5xxx firmware 3.9.0 and 3.9.0_HF1.
- CVE-2025-15467 with CVSS 9.8; exploitable without authentication or key material.
- Overflow occurs during parsing of CMS structures with oversized IV in AEAD ciphers.
- May cause crash, denial-of-service, or potentially remote code execution.
- CISA recommends immediate update and network segmentation; no active exploitation reported.
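To make the defect class concrete, here is an added example of how a hardened parser for the GCMParameters structure (RFC 5084, the ASN.1 that carries the AES-GCM nonce inside CMS AuthEnvelopedData) bounds the IV length before copying it into a fixed buffer. This is illustrative code written for this page, not ABB's firmware or any part of the AC500 code base: the buffer size `GCM_NONCE_MAX`, the function names and the builder used to produce constructed test vectors are all assumptions, and the advisory does not describe the internal structure of the affected parser. The important point is where the check sits: the length is validated before any byte is copied, so a message can be rejected without ever touching key material or the authentication tag.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Size of the fixed nonce buffer. Hypothetical value chosen for this example;
 * the advisory does not state the size used by the affected firmware. */
#define GCM_NONCE_MAX 16

typedef struct {
    uint8_t nonce[GCM_NONCE_MAX];   /* aes-nonce OCTET STRING contents */
    size_t  nonce_len;
    int     icv_len;                /* aes-ICVlen INTEGER, DEFAULT 12 */
} gcm_params_t;

/* Read a DER length. Returns bytes consumed, 0 on error. Rejects the
 * indefinite form and any length field that does not fit in 'avail'. */
static size_t der_read_len(const uint8_t *p, size_t avail, size_t *out)
{
    if (avail < 1) return 0;
    uint8_t b = p[0];
    if (b < 0x80) { *out = b; return 1; }
    size_t n = b & 0x7f;
    if (n == 0 || n > sizeof(size_t) || n + 1 > avail) return 0;
    size_t v = 0;
    for (size_t i = 0; i < n; i++) v = (v << 8) | p[1 + i];
    *out = v;
    return 1 + n;
}

/* Parse GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING,
 *                                    aes-ICVlen INTEGER DEFAULT 12 }
 * Returns 0 on success, -1 on malformed DER, -2 when the nonce would not
 * fit the fixed buffer. The bound check runs before any byte is copied,
 * i.e. before any key or tag is involved. */
int parse_gcm_params(const uint8_t *der, size_t der_len, gcm_params_t *out)
{
    size_t pos = 0, len, used, end;

    if (der_len < 2 || der[pos++] != 0x30) return -1;            /* SEQUENCE */
    if ((used = der_read_len(der + pos, der_len - pos, &len)) == 0) return -1;
    pos += used;
    if (len > der_len - pos) return -1;                            /* truncated */
    end = pos + len;

    if (pos >= end || der[pos++] != 0x04) return -1;              /* OCTET STRING */
    if ((used = der_read_len(der + pos, end - pos, &len)) == 0) return -1;
    pos += used;
    if (len > end - pos) return -1;

    /* The check whose absence the advisory describes: refuse a nonce that
     * would not fit instead of letting memcpy run past the buffer. */
    if (len == 0 || len > GCM_NONCE_MAX) return -2;

    memcpy(out->nonce, der + pos, len);
    out->nonce_len = len;
    pos += len;

    out->icv_len = 12;                                             /* DEFAULT */
    if (pos < end) {
        if (der[pos++] != 0x02) return -1;                         /* INTEGER */
        if ((used = der_read_len(der + pos, end - pos, &len)) == 0) return -1;
        if (len != 1 || pos + used >= end) return -1;
        out->icv_len = der[pos + used];
        if (out->icv_len < 12 || out->icv_len > 16) return -1;    /* RFC 5084 range */
        pos += used + 1;
    }
    return pos == end ? 0 : -1;                                    /* no trailing bytes */
}

/* Test-vector builder (constructed input, not a real CMS message): encodes a
 * GCMParameters with the given nonce length so the bound check can be
 * exercised. Lengths up to 65535 are supported. Returns bytes written, 0 on error. */
static size_t der_put_len(uint8_t *p, size_t len)
{
    if (len < 0x80) { p[0] = (uint8_t)len; return 1; }
    p[0] = 0x82; p[1] = (uint8_t)(len >> 8); p[2] = (uint8_t)len; return 3;
}

size_t build_gcm_params(uint8_t *out, size_t cap,
                        const uint8_t *nonce, size_t nonce_len, int icv_len)
{
    size_t lb = nonce_len < 0x80 ? 1 : 3;
    size_t inner = 1 + lb + nonce_len + (icv_len != 12 ? 3 : 0);
    size_t total = 1 + (inner < 0x80 ? 1 : 3) + inner;
    if (nonce_len > 0xFFFF || total > cap) return 0;
    uint8_t *p = out;
    *p++ = 0x30; p += der_put_len(p, inner);
    *p++ = 0x04; p += der_put_len(p, nonce_len);
    memcpy(p, nonce, nonce_len); p += nonce_len;
    if (icv_len != 12) { *p++ = 0x02; *p++ = 0x01; *p++ = (uint8_t)icv_len; }
    return (size_t)(p - out);
}

int main(void)
{
    uint8_t nonce[256] = {0}, buf[300];   /* constructed, all-zero nonce bytes */
    gcm_params_t gp;
    size_t n = build_gcm_params(buf, sizeof buf, nonce, 12, 12);
    printf("12-byte nonce:  rc=%d\n", parse_gcm_params(buf, n, &gp));   /* rc=0  */
    n = build_gcm_params(buf, sizeof buf, nonce, 256, 12);
    printf("256-byte nonce: rc=%d\n", parse_gcm_params(buf, n, &gp));   /* rc=-2 */
    return 0;
}
```

The parser keeps three separate failure modes apart: a length field that overruns the enclosing SEQUENCE or the input (malformed DER), a nonce longer than the destination (the overflow condition), and an ICV length outside the RFC 5084 range. For a firmware unit test, the oversized-nonce vector is the regression case worth keeping, since it proves the rejection happens on length alone, with no valid key or tag needed to reach the code path.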