CVE-2024-24851 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2024-24851

Analyzed

More Info Official Page

Source-talos-cna@cisco.com

Published At-28 May, 2024 | 16:15

Updated At-12 Feb, 2025 | 17:30

A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CPE Matches

AutomationDirect

>>p3-550e_firmware>>1.2.10.9

cpe:2.3:o:automationdirect:p3-550e_firmware:1.2.10.9:*:*:*:*:*:*:*

AutomationDirect

>>p3-550e_firmware>>4.1.1.10

cpe:2.3:o:automationdirect:p3-550e_firmware:4.1.1.10:*:*:*:*:*:*:*

AutomationDirect

cpe:2.3:h:automationdirect:p3-550e:-:*:*:*:*:*:*:*

AutomationDirect

>>p3-550_firmware>>1.2.10.9

cpe:2.3:o:automationdirect:p3-550_firmware:1.2.10.9:*:*:*:*:*:*:*

AutomationDirect

>>p3-550_firmware>>4.1.1.10

cpe:2.3:o:automationdirect:p3-550_firmware:4.1.1.10:*:*:*:*:*:*:*

AutomationDirect

cpe:2.3:h:automationdirect:p3-550:-:*:*:*:*:*:*:*

AutomationDirect

>>p3-530_firmware>>1.2.10.9

cpe:2.3:o:automationdirect:p3-530_firmware:1.2.10.9:*:*:*:*:*:*:*

AutomationDirect

>>p3-530_firmware>>4.1.1.10

cpe:2.3:o:automationdirect:p3-530_firmware:4.1.1.10:*:*:*:*:*:*:*

AutomationDirect

cpe:2.3:h:automationdirect:p3-530:-:*:*:*:*:*:*:*

AutomationDirect

>>p2-550_firmware>>1.2.10.10

cpe:2.3:o:automationdirect:p2-550_firmware:1.2.10.10:*:*:*:*:*:*:*

AutomationDirect

>>p2-550_firmware>>4.1.1.10

cpe:2.3:o:automationdirect:p2-550_firmware:4.1.1.10:*:*:*:*:*:*:*

AutomationDirect

cpe:2.3:h:automationdirect:p2-550:-:*:*:*:*:*:*:*

AutomationDirect

>>p1-550_firmware>>1.2.10.10

cpe:2.3:o:automationdirect:p1-550_firmware:1.2.10.10:*:*:*:*:*:*:*

AutomationDirect

>>p1-550_firmware>>4.1.1.10

cpe:2.3:o:automationdirect:p1-550_firmware:4.1.1.10:*:*:*:*:*:*:*

AutomationDirect

cpe:2.3:h:automationdirect:p1-550:-:*:*:*:*:*:*:*

AutomationDirect

>>p1-540_firmware>>1.2.10.10

cpe:2.3:o:automationdirect:p1-540_firmware:1.2.10.10:*:*:*:*:*:*:*

AutomationDirect

>>p1-540_firmware>>4.1.1.10

cpe:2.3:o:automationdirect:p1-540_firmware:4.1.1.10:*:*:*:*:*:*:*

AutomationDirect

cpe:2.3:h:automationdirect:p1-540:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-805	Secondary	talos-cna@cisco.com
CWE-787	Primary	nvd@nist.gov

CWE ID: CWE-805

Type: Secondary

Source: talos-cna@cisco.com

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003y1F2AQ/sa00025	talos-cna@cisco.com	Vendor Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1936	talos-cna@cisco.com	Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1936	talos-cna@cisco.com	Exploit Third Party Advisory
https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003y1F2AQ/sa00025	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1936	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1936	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory

Hyperlink: https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003y1F2AQ/sa00025

Source: talos-cna@cisco.com

Resource:

Vendor Advisory

Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1936

Source: talos-cna@cisco.com

Resource:

Exploit

Third Party Advisory

Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1936

Source: talos-cna@cisco.com

Resource:

Exploit

Third Party Advisory

Hyperlink: https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003y1F2AQ/sa00025

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1936

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Exploit

Third Party Advisory

Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1936

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Exploit

Third Party Advisory