A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e98` of v1.2.10.9 of the P3-550E firmware.
The vulnerability exists in the FileSelect functionality of the Programming Software Connection software in the AutomationDirect P3-550E firmware version 1.2.10.9. The attacker sends a specially crafted network packet without the need for authentication, causing a stack-based buffer overflow at offset 0xb6e98 in the firmware. The stack overflow enables control over program execution flow and potential execution of arbitrary code on the device.
An attacker can gain full control over the device, including the ability to read and modify data, disrupt industrial processes, or permanently damage the PLC controller configuration.
Apply patches available from the manufacturer according to the references (Cisco Talos report TALOS-2024-1939). It is also recommended to restrict network access to PLC devices through OT/ICS network segmentation and firewalls, so that packets from untrusted sources do not reach the controllers.
AutomationDirect P3-550E and P3-550 with firmware version 1.2.10.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAutomationdirect P1 540
HWAutomationdirectwszystkie wersjeAutomationdirect P1 540 Firmware
OSAutomationdirect1.2.10.104.1.1.10Automationdirect P1 550
HWAutomationdirectwszystkie wersjeAutomationdirect P1 550 Firmware
OSAutomationdirect1.2.10.104.1.1.10Automationdirect P2 550
HWAutomationdirectwszystkie wersjeAutomationdirect P2 550 Firmware
OSAutomationdirect1.2.10.104.1.1.10Automationdirect P3 530
HWAutomationdirectwszystkie wersjeAutomationdirect P3 530 Firmware
OSAutomationdirect1.2.10.94.1.1.10Automationdirect P3 550
HWAutomationdirectwszystkie wersjeAutomationdirect P3 550e
HWAutomationdirectwszystkie wersjeAutomationdirect P3 550e Firmware
OSAutomationdirect1.2.10.94.1.1.10Automationdirect P3 550 Firmware
OSAutomationdirect1.2.10.94.1.1.10
Related vulnerabilities
Stack-based buffer overflow w AutomationDirect P3-550E — RCE bez uwierzytelnienia
AutomationDirect P3-550E — nieusunięty kod debugowania w interfejsie Telnet
AutomationDirect P3-550E — code injection przez plik scan_lib.bin
Dowolny zapis w pamięci (write-what-where) w AutomationDirect P3-550E
A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality ...