ABB AC500 V3: Stack Buffer Overflow in CMS AES-GCM
⚠ ABB reports a stack-based buffer overflow in AC500 V3 when parsing CMS (Auth)EnvelopedData with AEAD ciphers like AES-GCM. An oversized IV in ASN.1 parameters may be copied into a fixed-size stack buffer without length checks, allowing an out-of-bounds write before authentication. This can cause crashes, DoS, or potential RCE. ABB issued firmware 3.9.0 HF1 to correct the issue; no workaround exists.
