CVE-2024-24957
HIGH
AutomationDirect P3-550E <1.2.10.9 - Memory Corruption
Title source: llm
Description
Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities. This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6aa4`.
References (2)
Core References
Exploit, Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1938
Exploit, Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938
Scores
CVSS v3
8.2
EPSS
0.0049
EPSS Percentile
38.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (1)
automationdirect/p3-550e_firmware
1.2.10.9
Published
May 28, 2024
Tracked Since
Feb 18, 2026