CVE-2024-24956

Name of the Vulnerable Software and Affected Versions: AutomationDirect P3-550E version 1.2.10.9

Description: The issue is related to out-of-bounds write vulnerabilities in the Programming Software Connection FileSystem API functionality. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities, potentially causing a denial of service. The arbitrary null-byte write vulnerability is located at offset 0xb6a38 in firmware 1.2.10.9 of the P3-550E.

Recommendations: For AutomationDirect P3-550E version 1.2.10.9, consider disabling the FileSystem API functionality until a patch is available to prevent exploitation of the out-of-bounds write vulnerabilities. Restrict access to the Programming Software Connection to minimize the risk of malicious packet delivery. Avoid using the offset 0xb6a38 in the affected firmware until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.