Lucene search

TalosCVELIST:CVE-2024-24954

HistoryMay 28, 2024 - 3:30 p.m.

CVE-2024-24954

2024-05-2815:30:17

CWE-787

talos

www.cve.org

vulnerability

heap-based memory corruption

malicious packets

firmware

offset

automationdirect

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

8.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset 0xb69c8.

CNA Affected

[
  {
    "vendor": "AutomationDirect",
    "product": "P3-550E",
    "versions": [
      {
        "version": "1.2.10.9",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2024-1938

www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

8.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2024-24954