PT-2024-5091 · Automationdirect · Automationdirect P3-550E

Matt Wiseman

Published

2024-05-23

Updated

2024-06-10

CVE-2024-24851

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: AutomationDirect P3-550E version 1.2.10.9

Description: A heap-based buffer overflow issue exists in the Programming Software Connection FiBurn functionality. This can be triggered by a specially crafted network packet, leading to a buffer overflow. An attacker can send an unauthenticated packet to exploit this issue, potentially resulting in a denial of service.

Recommendations: For AutomationDirect P3-550E version 1.2.10.9, consider restricting access to the FiBurn functionality until a patch is available. As a temporary workaround, disabling the FiBurn functionality may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-805CWE-787CWE-122

Related Identifiers

BDU:2024-05618

CVE-2024-24851

Affected Products

Automationdirect P3-550E

PT-2024-5091 · Automationdirect · Automationdirect P3-550E

CVE-2024-24851

Weakness Enumeration

Related Identifiers

Affected Products

References · 9