CVE-2024-24954 – This vulnerability allows remote attackers to w... (How to Fix)

📋 TL;DR

This vulnerability allows remote attackers to write arbitrary null bytes to heap memory in AutomationDirect P3-550E PLC programming software. Exploitation can lead to memory corruption, potentially enabling remote code execution or denial of service. Organizations using P3-550E firmware version 1.2.10.9 are affected.

💻 Affected Systems

Products:

AutomationDirect P3-550E

Versions: Firmware version 1.2.10.9

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is in the Programming Software Connection FileSystem API functionality

📦 What is this software?

P3 550e Firmware by Automationdirect

View all CVEs affecting P3 550e Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, manipulation of industrial processes, or persistent backdoor installation

🟠

Likely Case

Denial of service causing PLC malfunction or system crashes disrupting industrial operations

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring, potentially only causing temporary service interruption

🌐 Internet-Facing: HIGH - Network-accessible vulnerability that can be exploited remotely without authentication

🏢 Internal Only: HIGH - Even internally, this vulnerability can be exploited by malicious insiders or compromised internal systems

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires crafting specific network packets but no authentication needed. Vulnerability details are publicly disclosed in Talos reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check AutomationDirect website for security advisories
2. Monitor for firmware updates
3. Apply any available patches following vendor instructions
4. Restart affected devices after patching

🔧 Temporary Workarounds

Network Segmentation

all

Isolate P3-550E devices from untrusted networks and restrict access to necessary systems only

Firewall Rules

all

Block access to Programming Software Connection FileSystem API ports from unauthorized sources

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Monitor network traffic for suspicious patterns targeting the FileSystem API

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via programming software interface or device web interface

Check Version:

Use AutomationDirect programming software to read device firmware version

Verify Fix Applied:

Verify firmware version has been updated beyond 1.2.10.9

📡 Detection & Monitoring

Log Indicators:

Unexpected device restarts
Memory access errors in system logs
Unusual network connections to FileSystem API

Network Indicators:

Malformed packets to Programming Software Connection FileSystem API
Traffic patterns matching exploit signatures

SIEM Query:

source_ip:external AND dest_port:PORT_NUMBER AND protocol:TCP AND payload_size:ANOMALOUS

📊 Metadata

CVE ID: CVE-2024-24954

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE: CWE-787

Published: May 28, 2024

Last Updated: February 12, 2025

🔗 References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1938 Exploit,Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938 Exploit,Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1938 Exploit,Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1938 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-24954, you might also want to check these: