CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-24851

High Severity
Automationdirect
SVRS
42/100
CVSSv3
7.5/10
EPSS
0.00438/1

CVE-2024-24851: Heap-based buffer overflow in AutomationDirect P3-550E. This vulnerability allows an attacker to cause a denial of service or potentially execute arbitrary code by sending a crafted network packet. The flaw resides in the FiBurn functionality of the Programming Software Connection. An unauthenticated attacker can trigger this buffer overflow, impacting system availability and security. While the CVSS score is 7.5, the SOCRadar Vulnerability Risk Score (SVRS) is 42, indicating a moderate level of risk that requires monitoring. Although not critical based on the SVRS, its presence in the wild means potential exploits are possible and should be addressed, focusing on updating the AutomationDirect P3-550E to mitigate potential attacks exploiting this flaw. Prompt patching is advisable to prevent unauthorized access and maintain system stability.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:N
I:N
A:H
PUBLICATION DATE2024-05-28
LAST MODIFIED2025-02-13

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-24851 | AutomationDirect Productivity 3000 P3-550E 1.2.10.9 Programming Software Connection FiBurn buffer access with incorrect length value (icsa-24-144-01)
vuldb.com2025-02-13
CVE-2024-24851 | AutomationDirect Productivity 3000 P3-550E 1.2.10.9 Programming Software Connection FiBurn buffer access with incorrect length value (icsa-24-144-01) | A vulnerability has been found in AutomationDirect Productivity 3000 P3-550E 1.2.10.9 and classified as critical. Affected by this vulnerability is the function FiBurn of the component Programming Software Connection. The manipulation leads to buffer access with incorrect length value. This vulnerability is known as
vuldb.com
rss
forum
news
Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges
Jonathan Munshaw2024-05-29
Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges | Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.Cisco Talos’ Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past
cve-2024-24947
cve-2024-23947
cve-2024-24963
cve-2024-21785
AutomationDirect Productivity PLCs
CISA2024-05-23
AutomationDirect Productivity PLCs | View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment</strong
cve-2024-24947
cve-2024-24851
cve-2024-24958
cve-2024-22187

Social Media

🚨 CVE-2024-24851: Critical vuln in AutomationDirect Productivity 3000 P3-550E programming software. Exploit leads to incorrect buffer access. Upgrade affected component immediately to mitigate risk. #IndustrialCyberSecurity #ICSsecurity
0
0
0
CVE-2024-24851 (CVSS:7.5, HIGH) is Awaiting Analysis. A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of Automat..https://t.co/6KUSPtq0eD #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
OSAutomationdirectp3-550e_firmware
Configuration 2
TypeVendorProduct
OSAutomationdirectp3-550_firmware
Configuration 3
TypeVendorProduct
OSAutomationdirectp3-530_firmware
Configuration 4
TypeVendorProduct
OSAutomationdirectp2-550_firmware
Configuration 5
TypeVendorProduct
OSAutomationdirectp1-550_firmware
Configuration 6
TypeVendorProduct
OSAutomationdirectp1-540_firmware

References

ReferenceLink
[email protected]https://talosintelligence.com/vulnerability_reports/TALOS-2024-1936
[email protected]https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003y1F2AQ/sa00025
[email protected]https://talosintelligence.com/vulnerability_reports/TALOS-2024-1936
[email protected]https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003y1F2AQ/sa00025
[email protected]https://talosintelligence.com/vulnerability_reports/TALOS-2024-1936
[email protected]https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1936
HTTPS://COMMUNITY.AUTOMATIONDIRECT.COM/S/INTERNAL-DATABASE-SECURITY-ADVISORY/A4GPE0000003Y1F2AQ/SA00025https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003y1F2AQ/sa00025
HTTPS://TALOSINTELLIGENCE.COM/VULNERABILITY_REPORTS/TALOS-2024-1936https://talosintelligence.com/vulnerability_reports/TALOS-2024-1936
AF854A3A-2127-422B-91AE-364DA2661108https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003y1F2AQ/sa00025
AF854A3A-2127-422B-91AE-364DA2661108https://talosintelligence.com/vulnerability_reports/TALOS-2024-1936
AF854A3A-2127-422B-91AE-364DA2661108https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1936
[email protected]https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003y1F2AQ/sa00025
[email protected]https://talosintelligence.com/vulnerability_reports/TALOS-2024-1936
[email protected]https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1936

CWE Details

CWE IDCWE NameDescription
CWE-805Buffer Access with Incorrect Length ValueThe software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
CWE-787Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence