PT-2024-5087 · Automationdirect · P3-550E

Matt Wiseman

Published

2024-05-23

Updated

2024-06-10

CVE-2024-24963

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: AutomationDirect P3-550E version 1.2.10.9

Description: A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality. This issue can be triggered by a specially crafted network packet, leading to a stack-based buffer overflow. An attacker can send an unauthenticated packet to exploit this vulnerability, potentially allowing remote execution of arbitrary code. The vulnerability occurs at offset 0xb6e84 of version 1.2.10.9 of the P3-550E firmware.

Recommendations: For AutomationDirect P3-550E version 1.2.10.9, consider disabling the FileSelect functionality in the Programming Software Connection until a patch is available to prevent exploitation of the stack-based buffer overflow vulnerability.

Exploit

Fix

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-121

Related Identifiers

BDU:2024-05614

CVE-2024-24963

Affected Products

P3-550E

PT-2024-5087 · Automationdirect · P3-550E

CVE-2024-24963

Weakness Enumeration

Related Identifiers

Affected Products

References · 8