AutomationDirect P3-550E Programming Software Connection FileSystem API out-of-bounds write vulnerabilities

Talos Vulnerability Report TALOS-2024-1938 AutomationDirect P3-550E Programming Software Connection FileSystem API out-of-bounds write vulnerabilities May 28, 2024 CVE Number CVE-2024-24956,CVE-2024-24957,CVE-2024-24959,CVE-2024-24958,CVE-2024-24955,CVE-2024-24954 SUMMARY Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities. CONFIRMED VULNERABLE VERSIONS The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor. AutomationDirect P3-550E 1.2.10.9 PRODUCT URLS P3-550E – https://www.automationdirect.com/adc/shopping/catalog/programmable_controllers/productivity3000_plcs_(modular)/cpus/p3-550e CVSSv3 SCORE 8.2 – CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CWE CWE-787 – Out-of-bounds Write DETAILS The P3-550E is the most recent CPU module released in the Productivity3000 line of Programmable Automation Controllers from AutomationDirect. It is an affordable control CPU which communicates remotely via ethernet, serial, and USB and exposes a variety of control services, including MQTT, Modbus, ENIP and the engineering workstation protocol DirectNET. The P3-550E exposes a “Programming Software Connection” service over UDP port 9999 that is used by the engineering workstation…Read More