PT-2024-5279 · Automationdirect · Automationdirect P3-550E

Matt Wiseman · Published 2024-05-28 · Updated 2024-06-10 · CVE-2024-22187

CVSS v2.0: 9.4 (Critical)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

AutomationDirect P3-550E version 1.2.10.9

Description

A write-what-where issue exists in the Programming Software Connection Remote Memory Diagnostics functionality. This allows an attacker to send a specially crafted network packet, leading to an arbitrary write. The vulnerability can be triggered by an unauthenticated packet, potentially enabling a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations

For AutomationDirect P3-550E version 1.2.10.9, consider disabling the Remote Memory Diagnostics functionality until a patch is available to prevent potential exploitation. Restrict access to the affected component to minimize the risk of arbitrary code execution or denial of service.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2024-05898
CVE-2024-22187

Affected Products

Automationdirect P3-550E