Lucene search

TalosVULNRICHMENT:CVE-2024-24956

HistoryMay 28, 2024 - 3:30 p.m.

CVE-2024-24956

2024-05-2815:30:17

CWE-787

talos

github.com

out-of-bounds write

filesystem api

heap-based memory corruption

network packets

null-byte write

firmware vulnerability

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

7.3 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.1%

JSON

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset 0xb6a38.

CNA Affected

[
  {
    "vendor": "AutomationDirect",
    "product": "P3-550E",
    "versions": [
      {
        "version": "1.2.10.9",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2024-1938

www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

7.3 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for VULNRICHMENT:CVE-2024-24956