A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
The vulnerability results from insufficient verification of integrity and authenticity of the scan_lib.bin file (CWE-345) and the possibility of code injection (CWE-94) during its processing. An attacker can provide a specially crafted scan_lib.bin file that, after being loaded by the device, leads to execution of arbitrary code. No privileges or user interaction are required to trigger the vulnerability — the attack vector is network-based.
Successful exploitation of the vulnerability allows an attacker to gain full control over the device, including reading and modifying data, disrupting PLC controller operation, and potentially disrupting industrial processes controlled by the device.
Patches available from the manufacturer should be applied in accordance with references — update described in AutomationDirect security bulletin (SA00039) and Talos Intelligence report TALOS-2024-1943. It is also recommended to restrict network access to the device through network segmentation and firewall implementation, and configuration files loaded to the device should come only from trusted, verified sources.
AutomationDirect P3-550E with firmware version 1.2.10.9 and related P3-550 product variants.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAutomationdirect P1 540
HWAutomationdirectwszystkie wersjeAutomationdirect P1 540 Firmware
OSAutomationdirect1.2.10.104.1.1.10Automationdirect P1 550
HWAutomationdirectwszystkie wersjeAutomationdirect P1 550 Firmware
OSAutomationdirect1.2.10.104.1.1.10Automationdirect P2 550
HWAutomationdirectwszystkie wersjeAutomationdirect P2 550 Firmware
OSAutomationdirect1.2.10.104.1.1.10Automationdirect P3 530
HWAutomationdirectwszystkie wersjeAutomationdirect P3 530 Firmware
OSAutomationdirect1.2.10.94.1.1.10Automationdirect P3 550
HWAutomationdirectwszystkie wersjeAutomationdirect P3 550e
HWAutomationdirectwszystkie wersjeAutomationdirect P3 550e Firmware
OSAutomationdirect1.2.10.94.1.1.10Automationdirect P3 550 Firmware
OSAutomationdirect1.2.10.94.1.1.10
Related vulnerabilities
Stack-based buffer overflow w AutomationDirect P3-550E — RCE bez uwierzytelnienia
AutomationDirect P3-550E — nieusunięty kod debugowania w interfejsie Telnet
Dowolny zapis w pamięci (write-what-where) w AutomationDirect P3-550E
Stack-based buffer overflow w AutomationDirect P3-550E — zdalny RCE bez uwierzytelnienia
A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality...