Lucene search

TalosCVELIST:CVE-2024-22187

HistoryMay 28, 2024 - 3:30 p.m.

CVE-2024-22187

2024-05-2815:30:15

CWE-284

talos

www.cve.org

cve-2024-22187

write-what-where vulnerability

programming software connection

remote memory diagnostics

automationdirect p3-550e

network packet

arbitrary write

unauthenticated packet

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

20.1%

JSON

A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "AutomationDirect",
    "product": "P3-550E",
    "versions": [
      {
        "version": "1.2.10.9",
        "status": "affected"
      }
    ]
  }
]

References

community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yXV2AY/sa00036

talosintelligence.com/vulnerability_reports/TALOS-2024-1940

www.talosintelligence.com/vulnerability_reports/TALOS-2024-1940

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.001

Percentile

20.1%

JSON

Related for CVELIST:CVE-2024-22187