PT-2024-5282 · Automationdirect · Automationdirect P3-550E
Matt Wiseman · Published 2024-05-28 · Updated 2024-06-10 · CVE-2024-23601
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
AutomationDirect P3-550E version 1.2.10.9
Description
The vulnerability stems from insufficient data authentication in the scan lib.bin library of the AutomationDirect P3-550E programmable logic controller's software. A remote attacker who provides a specially crafted scan lib.bin file can execute arbitrary code or cause a denial of service.
Recommendations
For AutomationDirect P3-550E version 1.2.10.9, consider disabling the scan lib.bin functionality until a patch is available, to prevent arbitrary code execution. Restrict access to the scan lib.bin file to minimize the risk of exploitation. Do not use malicious or unverified scan lib.bin files, so that the vulnerability is not triggered. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insufficient Verification of Data Authenticity
Code Injection
Affected Products
Automationdirect P3-550E