CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24962
https://notcve.org/view.php?id=CVE-2024-24962
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e98` of v1.2.10.9 of the P3-550E firmware. Existe una vulnerabilidad de desbordamiento del búfer basada en pila en la funcionalidad FileSelect de conexión del software de programación de AutomationDirect P3-550E 1.2.10.9. Un paquete de red especialmente manipulado puede provocar un desbordamiento de búfer en la región stack de la memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1939 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1939 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22187
https://notcve.org/view.php?id=CVE-2024-22187
A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to trigger this vulnerability. Existe una vulnerabilidad de escritura en qué lugar en la funcionalidad de diagnóstico de memoria remota de conexión de software de programación de AutomationDirect P3-550E 1.2.10.9. Un paquete de red especialmente manipulado puede provocar una escritura arbitraria. • https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yXV2AY/sa00036 https://talosintelligence.com/vulnerability_reports/TALOS-2024-1940 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1940 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23315
https://notcve.org/view.php?id=CVE-2024-23315
A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated packet to trigger this vulnerability. Existe una vulnerabilidad de lectura en qué lugar en la funcionalidad de lectura de memoria IMM 01A1 de la conexión del software de programación de AutomationDirect P3-550E 1.2.10.9. Un paquete de red especialmente manipulado puede dar lugar a la divulgación de información confidencial. • https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yZ72AI/sa00037 https://talosintelligence.com/vulnerability_reports/TALOS-2024-1941 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1941 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21785
https://notcve.org/view.php?id=CVE-2024-21785
A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this vulnerability. Existe una vulnerabilidad de código de depuración sobrante en la funcionalidad de la interfaz de diagnóstico Telnet de AutomationDirect P3-550E 1.2.10.9. Una serie de solicitudes de red especialmente manipuladas pueden provocar un acceso no autorizado. • https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yaj2AA/sa00038 https://talosintelligence.com/vulnerability_reports/TALOS-2024-1942 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1942 • CWE-489: Active Debug Code •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23601
https://notcve.org/view.php?id=CVE-2024-23601
A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Existe una vulnerabilidad de inyección de código en la funcionalidad scan_lib.bin de AutomationDirect P3-550E 1.2.10.9. Un scan_lib.bin especialmente manipulado puede provocar la ejecución de código arbitrario. • https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003ycL2AQ/sa00039 https://talosintelligence.com/vulnerability_reports/TALOS-2024-1943 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1943 • CWE-345: Insufficient Verification of Data Authenticity •