CVE-2024-22187
Severity CVSS v4.0:
Pending analysis
Type:
CWE-284
Improper Access Control
Publication date:
28/05/2024
Last modified:
12/02/2025
Description
A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to trigger this vulnerability.
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:automationdirect:p3-550e_firmware:1.2.10.9:*:*:*:*:*:*:* | ||
cpe:2.3:o:automationdirect:p3-550e_firmware:4.1.1.10:*:*:*:*:*:*:* | ||
cpe:2.3:h:automationdirect:p3-550e:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:automationdirect:p3-550_firmware:1.2.10.9:*:*:*:*:*:*:* | ||
cpe:2.3:o:automationdirect:p3-550_firmware:4.1.1.10:*:*:*:*:*:*:* | ||
cpe:2.3:h:automationdirect:p3-550:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:automationdirect:p3-530_firmware:1.2.10.9:*:*:*:*:*:*:* | ||
cpe:2.3:o:automationdirect:p3-530_firmware:4.1.1.10:*:*:*:*:*:*:* | ||
cpe:2.3:h:automationdirect:p3-530:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:automationdirect:p2-550_firmware:1.2.10.10:*:*:*:*:*:*:* | ||
cpe:2.3:o:automationdirect:p2-550_firmware:4.1.1.10:*:*:*:*:*:*:* | ||
cpe:2.3:h:automationdirect:p2-550:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:automationdirect:p1-550_firmware:1.2.10.10:*:*:*:*:*:*:* | ||
cpe:2.3:o:automationdirect:p1-550_firmware:4.1.1.10:*:*:*:*:*:*:* | ||
cpe:2.3:h:automationdirect:p1-550:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yXV2AY/sa00036
- https://talosintelligence.com/vulnerability_reports/TALOS-2024-1940
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1940
- https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yXV2AY/sa00036
- https://talosintelligence.com/vulnerability_reports/TALOS-2024-1940
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1940