CVE-2024-24957

{"id": "CVE-2024-24957", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2024-05-28T16:15:14.543", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1938", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1938", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6aa4`."}, {"lang": "es", "value": "Existen varias vulnerabilidades de escritura fuera de los l\u00edmites en la funcionalidad API del sistema de archivos de conexi\u00f3n del software de programaci\u00f3n de AutomationDirect P3-550E 1.2.10.9. Los paquetes de red especialmente manipulados pueden provocar da\u00f1os en la memoria del mont\u00f3n. Un atacante puede enviar paquetes maliciosos para activar estas vulnerabilidades. Este CVE rastrea la vulnerabilidad de escritura arbitraria de bytes nulos ubicada en el firmware 1.2.10.9 del P3-550E en el desplazamiento `0xb6aa4`."}], "lastModified": "2025-02-12T17:03:40.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:p3-550e_firmware:1.2.10.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A393F14-3BD3-44DE-B06F-9235AB62C68F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:p3-550e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5086EF1F-C3CE-4B5F-A352-67CE332A6C4F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}