1. Home
  2. CVE Database
  3. CVE-2024-24947
HIGH · 8.2

CVE-2024-24947

A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to deni...

Vulnerability Description

A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This CVE tracks the heap corruption that occurs at offset `0xb68c4` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any trailing heap allocations.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
HIGH

Affected Products

VendorProductVersions
AutomationdirectP3-550E Firmware1.2.10.9
AutomationdirectP3-550E-
AutomationdirectP3-550 Firmware1.2.10.9
AutomationdirectP3-550-
AutomationdirectP3-530 Firmware1.2.10.9
AutomationdirectP3-530-
AutomationdirectP2-550 Firmware1.2.10.10
AutomationdirectP2-550-
AutomationdirectP1-550 Firmware1.2.10.10
AutomationdirectP1-550-
AutomationdirectP1-540 Firmware1.2.10.10
AutomationdirectP1-540-

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2024-24947?

CVE-2024-24947 is a vulnerability with a CVSS score of 8.2 (HIGH). A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to deni...

How severe is CVE-2024-24947?

CVE-2024-24947 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-24947?

Check the references section above for vendor advisories and patch information. Affected products include: Automationdirect P3-550E Firmware, Automationdirect P3-550E, Automationdirect P3-550 Firmware, Automationdirect P3-550, Automationdirect P3-530 Firmware.