CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-23601

CVSS 9.8v3.1pub. 2024-05-28upd. 2025-02-12

A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

🤖 AI Analysis
How it works

The vulnerability results from insufficient verification of integrity and authenticity of the scan_lib.bin file (CWE-345) and the possibility of code injection (CWE-94) during its processing. An attacker can provide a specially crafted scan_lib.bin file that, after being loaded by the device, leads to execution of arbitrary code. No privileges or user interaction are required to trigger the vulnerability — the attack vector is network-based.

Impact

Successful exploitation of the vulnerability allows an attacker to gain full control over the device, including reading and modifying data, disrupting PLC controller operation, and potentially disrupting industrial processes controlled by the device.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with references — update described in AutomationDirect security bulletin (SA00039) and Talos Intelligence report TALOS-2024-1943. It is also recommended to restrict network access to the device through network segmentation and firewall implementation, and configuration files loaded to the device should come only from trusted, verified sources.

Who is affected

AutomationDirect P3-550E with firmware version 1.2.10.9 and related P3-550 product variants.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Automationdirect P1 540

    HW
    Automationdirect
    wszystkie wersje
  • Automationdirect P1 540 Firmware

    OS
    Automationdirect
    1.2.10.104.1.1.10
  • Automationdirect P1 550

    HW
    Automationdirect
    wszystkie wersje
  • Automationdirect P1 550 Firmware

    OS
    Automationdirect
    1.2.10.104.1.1.10
  • Automationdirect P2 550

    HW
    Automationdirect
    wszystkie wersje
  • Automationdirect P2 550 Firmware

    OS
    Automationdirect
    1.2.10.104.1.1.10
  • Automationdirect P3 530

    HW
    Automationdirect
    wszystkie wersje
  • Automationdirect P3 530 Firmware

    OS
    Automationdirect
    1.2.10.94.1.1.10
  • Automationdirect P3 550

    HW
    Automationdirect
    wszystkie wersje
  • Automationdirect P3 550e

    HW
    Automationdirect
    wszystkie wersje
  • Automationdirect P3 550e Firmware

    OS
    Automationdirect
    1.2.10.94.1.1.10
  • Automationdirect P3 550 Firmware

    OS
    Automationdirect
    1.2.10.94.1.1.10
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-24963CRITICAL9.8PL ✓ten sam produkt

Stack-based buffer overflow w AutomationDirect P3-550E — RCE bez uwierzytelnienia

CVE-2024-21785CRITICAL9.8PL ✓ten sam produkt

AutomationDirect P3-550E — nieusunięty kod debugowania w interfejsie Telnet

CVE-2024-22187CRITICAL9.1PL ✓ten sam produkt

Dowolny zapis w pamięci (write-what-where) w AutomationDirect P3-550E

CVE-2024-24962CRITICAL9.8PL ✓ten sam produkt

Stack-based buffer overflow w AutomationDirect P3-550E — zdalny RCE bez uwierzytelnienia

CVE-2024-24946HIGH8.2ten sam produkt

A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality...