A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this vulnerability.
The vulnerability results from leaving diagnostic code (debug code) active in the production firmware of the device. An attacker, by sending a specially crafted sequence of network requests to the Telnet interface, can trigger the vulnerability and gain unauthorized access to the system. The exploit does not require any privileges or user interaction, and the attack can be carried out remotely over the network.
An attacker can gain unauthorized access to the device, which with a full CVSS score (C:H/I:H/A:H) means the possibility of violating the confidentiality, integrity and availability of the industrial control system.
Apply patches available from the manufacturer according to references (AutomationDirect advisory SA00038 and Talos Intelligence report TALOS-2024-1942). Additionally, it is recommended to restrict network access to the Telnet interface of industrial devices through network segmentation and firewalls.
AutomationDirect P3-550E with firmware version 1.2.10.9 and related devices from the P3-550 series (indicated in manufacturer references).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAutomationdirect P1 540
HWAutomationdirectwszystkie wersjeAutomationdirect P1 540 Firmware
OSAutomationdirect1.2.10.104.1.1.10Automationdirect P1 550
HWAutomationdirectwszystkie wersjeAutomationdirect P1 550 Firmware
OSAutomationdirect1.2.10.104.1.1.10Automationdirect P2 550
HWAutomationdirectwszystkie wersjeAutomationdirect P2 550 Firmware
OSAutomationdirect1.2.10.104.1.1.10Automationdirect P3 530
HWAutomationdirectwszystkie wersjeAutomationdirect P3 530 Firmware
OSAutomationdirect1.2.10.94.1.1.10Automationdirect P3 550
HWAutomationdirectwszystkie wersjeAutomationdirect P3 550e
HWAutomationdirectwszystkie wersjeAutomationdirect P3 550e Firmware
OSAutomationdirect1.2.10.94.1.1.10Automationdirect P3 550 Firmware
OSAutomationdirect1.2.10.94.1.1.10
Related vulnerabilities
Stack-based buffer overflow w AutomationDirect P3-550E — RCE bez uwierzytelnienia
AutomationDirect P3-550E — code injection przez plik scan_lib.bin
Dowolny zapis w pamięci (write-what-where) w AutomationDirect P3-550E
Stack-based buffer overflow w AutomationDirect P3-550E — zdalny RCE bez uwierzytelnienia
A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality...