CVE-2024-24946

Name of the Vulnerable Software and Affected Versions: AutomationDirect P3-550E version 1.2.10.9

Description: A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality. This issue can be triggered by a specially crafted network packet, leading to denial of service. An attacker can send an unauthenticated packet to exploit this vulnerability, which occurs when a call to memset relies on an attacker-controlled length value and corrupts any trailing heap allocations at offset 0xb686c of the P3-550E firmware.

Recommendations: For AutomationDirect P3-550E version 1.2.10.9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.