CVE-2024-23315

Name of the Vulnerable Software and Affected Versions AutomationDirect P3-550E version 1.2.10.9

Description A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality. This vulnerability can be triggered by a specially crafted network packet, leading to the disclosure of sensitive information. An attacker can send an unauthenticated packet to exploit this issue. The vulnerability is related to insufficient access control in the Programming Software Connection component of the AutomationDirect P3-550E programmable logic controllers.

Recommendations For AutomationDirect P3-550E version 1.2.10.9, consider restricting access to the Programming Software Connection IMM 01A1 Memory Read functionality until a patch is available. As a temporary workaround, disabling the vulnerable functionality may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.