Unrated severityNVD Advisory· Published May 28, 2024· Updated Feb 13, 2025

CVE-2024-24946

Description

A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This CVE tracks the heap corruption that occurs at offset 0xb686c of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to memset relies on an attacker-controlled length value and corrupts any trailing heap allocations.

Affected products

Automationdirect/P3-550Ellm-fuzzy
Range: = 1.2.10.9
AutomationDirect/P3-550Ev5
Range: 1.2.10.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

talosintelligence.com/vulnerability_reports/TALOS-2024-1937mitre
www.talosintelligence.com/vulnerability_reports/TALOS-2024-1937mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000