CVE-2024-24957

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-24957
Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6aa4`.

8.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1938
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1938
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938
Configurations

No configuration.

History

21 Nov 2024, 09:00

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2024-1938 - () https://talosintelligence.com/vulnerability_reports/TALOS-2024-1938 -
References () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938 - () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938 -

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938 -
Summary
  • (es) Existen varias vulnerabilidades de escritura fuera de los límites en la funcionalidad API del sistema de archivos de conexión del software de programación de AutomationDirect P3-550E 1.2.10.9. Los paquetes de red especialmente manipulados pueden provocar daños en la memoria del montón. Un atacante puede enviar paquetes maliciosos para activar estas vulnerabilidades. Este CVE rastrea la vulnerabilidad de escritura arbitraria de bytes nulos ubicada en el firmware 1.2.10.9 del P3-550E en el desplazamiento `0xb6aa4`.

28 May 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-28 16:15

Updated : 2024-11-21 09:00

NVD link : CVE-2024-24957

Mitre link : CVE-2024-24957

CVE.ORG link : CVE-2024-24957

JSON object : View

Products Affected

No product.

CWE
CWE-787

Out-of-bounds Write


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024