CVE-2024-24962

Name of the Vulnerable Software and Affected Versions: AutomationDirect P3-550E version 1.2.10.9

Description: A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality. This issue can be triggered by a specially crafted network packet, allowing an attacker to send an unauthenticated packet and potentially execute arbitrary code. The vulnerability occurs at offset 0xb6e98 of version 1.2.10.9 of the P3-550E firmware.

Recommendations: For AutomationDirect P3-550E version 1.2.10.9, consider disabling the FileSelect functionality in the Programming Software Connection until a patch is available to prevent potential exploitation. Restrict access to the network to minimize the risk of receiving specially crafted packets. At the moment, there is no information about a newer version that contains a fix for this vulnerability.