Lucene search

TalosCVELIST:CVE-2024-24963

HistoryMay 28, 2024 - 3:30 p.m.

CVE-2024-24963

2024-05-2815:30:16

CWE-121

talos

www.cve.org

cve-2024-24963

stack-based

connection fileselect

programming software

automationdirect

firmware

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

38.0%

JSON

A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset 0xb6e84 of v1.2.10.9 of the P3-550E firmware.

CNA Affected

[
  {
    "vendor": "AutomationDirect",
    "product": "P3-550E",
    "versions": [
      {
        "version": "1.2.10.9",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2024-1939

www.talosintelligence.com/vulnerability_reports/TALOS-2024-1939

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

38.0%

JSON

Related for CVELIST:CVE-2024-24963