CVE-2024-24958

Name of the Vulnerable Software and Affected Versions: AutomationDirect P3-550E version 1.2.10.9

Description: The issue is related to out-of-bounds write vulnerabilities in the Programming Software Connection FileSystem API functionality. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities, potentially causing a denial of service. The arbitrary null-byte write vulnerability is located at offset 0xb6bdc.

Recommendations: For AutomationDirect P3-550E version 1.2.10.9, consider disabling the FileSystem API functionality until a patch is available to prevent exploitation of the out-of-bounds write vulnerabilities. Restrict access to the Programming Software Connection to minimize the risk of remote attackers sending malicious packets. Avoid using the offset 0xb6bdc in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.