CVE-2024-24957

2024-05-2816:15:14

CWE-787

[email protected]

web.nvd.nist.gov

programming software connection

filesystem api

heap-based memory corruption

malicious packets

null-byte write vulnerability

firmware 1.2.10.9

offset 0xb6aa4

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset 0xb6aa4.