A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e84` of v1.2.10.9 of the P3-550E firmware.
The vulnerability lies in the handling of FileSelect functionality in the Programming Software Connection component. Transmission of a properly crafted network packet causes a stack-based buffer overflow at offset 0xb6e84 of the P3-550E firmware in version 1.2.10.9. The mechanism does not require prior authentication or any user interaction, making the attack possible to conduct remotely over the network without additional prerequisites.
Successful exploitation of the vulnerability may enable an attacker to remotely execute arbitrary code (RCE) on the device with the privileges of the process handling the connection, which in an industrial environment could lead to takeover of the controller and disruption of automation processes.
Patches available from the manufacturer should be applied in accordance with the references. Temporarily, it is recommended to isolate P3-550E devices from untrusted networks, restrict access to the devices only to authorized engineering stations using a firewall or VLAN networks, and monitor network traffic directed to these controllers.
AutomationDirect P3-550E firmware in version 1.2.10.9 and AutomationDirect P3-550 (firmware versions indicated in the manufacturer's references)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAutomationdirect P1 540
HWAutomationdirectwszystkie wersjeAutomationdirect P1 540 Firmware
OSAutomationdirect1.2.10.104.1.1.10Automationdirect P1 550
HWAutomationdirectwszystkie wersjeAutomationdirect P1 550 Firmware
OSAutomationdirect1.2.10.104.1.1.10Automationdirect P2 550
HWAutomationdirectwszystkie wersjeAutomationdirect P2 550 Firmware
OSAutomationdirect1.2.10.104.1.1.10Automationdirect P3 530
HWAutomationdirectwszystkie wersjeAutomationdirect P3 530 Firmware
OSAutomationdirect1.2.10.94.1.1.10Automationdirect P3 550
HWAutomationdirectwszystkie wersjeAutomationdirect P3 550e
HWAutomationdirectwszystkie wersjeAutomationdirect P3 550e Firmware
OSAutomationdirect1.2.10.94.1.1.10Automationdirect P3 550 Firmware
OSAutomationdirect1.2.10.94.1.1.10
Related vulnerabilities
Stack-based buffer overflow w AutomationDirect P3-550E — zdalny RCE bez uwierzytelnienia
AutomationDirect P3-550E — nieusunięty kod debugowania w interfejsie Telnet
AutomationDirect P3-550E — code injection przez plik scan_lib.bin
Dowolny zapis w pamięci (write-what-where) w AutomationDirect P3-550E
A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality ...