CVE-2024-24947

Name of the Vulnerable Software and Affected Versions: AutomationDirect P3-550E version 1.2.10.9

Description: The issue is related to a heap-based buffer overflow vulnerability in the Programming Software Connection CurrDir functionality. This can be triggered by a specially crafted network packet, leading to denial of service. An attacker can send an unauthenticated packet to exploit this issue. The vulnerability is caused by a call to memset that relies on an attacker-controlled length value, resulting in heap corruption at offset 0xb68c4 of the P3-550E firmware.

Recommendations: For AutomationDirect P3-550E version 1.2.10.9, consider disabling the CurrDir functionality until a patch is available to prevent exploitation. Restrict access to the Programming Software Connection to minimize the risk of denial of service attacks. Avoid using the memset function with attacker-controlled length values to prevent heap corruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.