CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24851
https://notcve.org/view.php?id=CVE-2024-24851
A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad FiBurn de conexión del software de programación de AutomationDirect P3-550E 1.2.10.9. Un paquete de red especialmente manipulado puede provocar un desbordamiento del búfer. • https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003y1F2AQ/sa00025 https://talosintelligence.com/vulnerability_reports/TALOS-2024-1936 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1936 • CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24947
https://notcve.org/view.php?id=CVE-2024-24947
A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This CVE tracks the heap corruption that occurs at offset `0xb68c4` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any trailing heap allocations. Existe una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad CurrDir de conexión del software de programación de AutomationDirect P3-550E 1.2.10.9. Un paquete de red especialmente manipulado puede provocar una denegación de servicio. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1937 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1937 • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24946
https://notcve.org/view.php?id=CVE-2024-24946
A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This CVE tracks the heap corruption that occurs at offset `0xb686c` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any trailing heap allocations. Existe una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en la funcionalidad CurrDir de conexión del software de programación de AutomationDirect P3-550E 1.2.10.9. Un paquete de red especialmente manipulado puede provocar una denegación de servicio. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1937 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1937 • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24959
https://notcve.org/view.php?id=CVE-2024-24959
Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6c18`. Existen varias vulnerabilidades de escritura fuera de los límites en la funcionalidad API del sistema de archivos de conexión del software de programación de AutomationDirect P3-550E 1.2.10.9. Los paquetes de red especialmente manipulados pueden provocar daños en la memoria del montón. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1938 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938 • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24958
https://notcve.org/view.php?id=CVE-2024-24958
Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6bdc`. Existen varias vulnerabilidades de escritura fuera de los límites en la funcionalidad API del sistema de archivos de conexión del software de programación de AutomationDirect P3-550E 1.2.10.9. Los paquetes de red especialmente manipulados pueden provocar daños en la memoria del montón. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1938 https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938 • CWE-787: Out-of-bounds Write •