1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: AutomationDirect
- Equipment: Productivity PLCs
- Vulnerabilities: Buffer Access with Incorrect Length Value, Out-of-bounds Write, Stack-based Buffer Overflow, Improper Access Control, Active Debug Code, Insufficient Verification of Data Authenticity
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to remote code execution and denial of service.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
AutomationDirect reports the following versions of Productivity PLCs are affected:
- Productivity 3000 P3-550E CPU: FW 1.2.10.9
- Productivity 3000 P3-550E CPU: SW 4.1.1.10
- Productivity 3000 P3-550 CPU: FW 1.2.10.9
- Productivity 3000 P3-550 CPU: SW 4.1.1.10
- Productivity 3000 P3-530 CPU: FW 1.2.10.9
- Productivity 3000 P3-530 CPU: SW 4.1.1.10
- Productivity 2000 P2-550 CPU: FW 1.2.10.10
- Productivity 2000 P2-550 CPU: SW 4.1.1.10
- Productivity 1000 P1-550 CPU: FW 1.2.10.10
- Productivity 1000 P1-550 CPU: SW 4.1.1.10
- Productivity 1000 P1-540 CPU: FW 1.2.10.10
- Productivity 1000 P1-540 CPU: SW 4.1.1.10
3.2 Vulnerability Overview
3.2.1 Buffer Access with Incorrect Length Value CWE-805
A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.
CVE-2024-24851 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (This article has been indexed from All CISA Advisories