CVE-2024-24955

Name of the Vulnerable Software and Affected Versions: AutomationDirect P3-550E version 1.2.10.9

Description: The issue is related to out-of-bounds write vulnerabilities in the Programming Software Connection FileSystem API functionality. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities, potentially allowing a remote attacker to cause a denial of service. The arbitrary null-byte write vulnerability is located in firmware 1.2.10.9 of the P3-550E at offset 0xb69fc.

Recommendations: For AutomationDirect P3-550E version 1.2.10.9, consider disabling the FileSystem API functionality until a patch is available to prevent exploitation of the out-of-bounds write vulnerabilities. Restrict access to the Programming Software Connection to minimize the risk of malicious packet delivery. Avoid using the offset 0xb69fc in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.