AutomationDirect P3-550E Vulnerable to Read-What-Where Attack
CVE-2024-23315

7.5HIGH

Key Information:

Vendor: Automationdirect
Status: P3-550e
Vendor: CVE Published:; 28 May 2024

What is CVE-2024-23315?

A read-what-where vulnerability has been identified in the Memory Read functionality of the P3-550E Programming Software provided by AutomationDirect. This flaw allows attackers to disclose sensitive information by sending specially crafted network packets. By exploiting this vulnerability, an attacker can trigger the issue without authentication, potentially leading to significant data exposure and privacy concerns for users of the affected software version 1.2.10.9.

Affected Version(s)

P3-550E 1.2.10.9

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://community.automationdirect.com/s/internal-databas...

https://www.talosintelligence.com/vulnerability_reports/T...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 28, 2024
Vulnerability Reserved
Feb 1, 2024

Credit

Discovered by Matt Wiseman of Cisco Talos.