Stack-Based Buffer Overflow Vulnerability in AutomationDirect P3-550E Firmware
CVE-2024-24963

9.8CRITICAL

Key Information:

Vendor: Automationdirect
Status: P3-550e
Vendor: CVE Published:; 28 May 2024

🔔 Create Automationdirect Vulnerability Alert

What is CVE-2024-24963?

A stack-based buffer overflow vulnerability exists within the Programming Software Connection FileSelect functionality of AutomationDirect's P3-550E version 1.2.10.9. This issue can be exploited by sending a specially crafted network packet, leading to potential stack-based buffer overflow at specific offsets. Such an attack could allow unauthorized access to the system, enabling an attacker to potentially manipulate the firmware or execute arbitrary code. Organizations using the affected version are advised to apply necessary mitigations and updates to safeguard their systems.

Affected Version(s)

P3-550E 1.2.10.9

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.talosintelligence.com/vulnerability_reports/T...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2024
Vulnerability Reserved
Feb 1, 2024

Credit

Discovered by Matt Wiseman of Cisco Talos.