PatchSiren cyber security CVE debrief
CVE-2024-21785 AutomationDirect CVE debrief
A critical vulnerability (CVSS 9.8) in AutomationDirect Productivity PLCs stems from leftover debug code in the Telnet Diagnostic Interface, enabling unauthorized network access via specially crafted requests. Published 2024-05-23, this flaw affects multiple Productivity series CPUs across firmware and software versions. The vendor has released updated software (version 4.2.0.x or higher) and firmware patches, with network isolation as an interim mitigation for unpatched systems.
- Vendor: AutomationDirect
- Product: Productivity 3000 P3-550E CPU
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-23
- Original CVE updated: 2024-05-23
- Advisory published: 2024-05-23
- Advisory updated: 2024-05-23
Who should care
Industrial control system operators, OT security teams, manufacturing security engineers, automation engineers, and critical infrastructure defenders using AutomationDirect Productivity series PLCs in production environments.
Technical summary
The vulnerability exists in the Telnet Diagnostic Interface functionality where debug code was not removed from production firmware/software. An attacker can send a specially crafted sequence of network requests to exploit this residual debug functionality and gain unauthorized access to the PLC. The attack vector is network-based, requires no authentication, and can result in complete compromise of confidentiality, integrity, and availability. Affected products span the Productivity 1000 (P1-540, P1-550), Productivity 2000 (P2-550), and Productivity 3000 (P3-530, P3-550, P3-550E) series with specific firmware and software versions.
Defensive priority
critical
Recommended defensive actions
- Update Productivity Suite programming software to version 4.2.0.x or higher
- Update Productivity PLC firmware to the latest available version
- Physically disconnect affected PLCs from external networks, internet, and LANs if patching is not immediately feasible
- Implement network segmentation to isolate PLCs from other organizational systems
- Configure firewall rules or network access control (NAC) policies to block traffic to affected PLCs
- Conduct a thorough network security analysis to determine appropriate security levels for automation control systems
- Review AutomationDirect security considerations documentation for additional hardening guidance
- Contact AutomationDirect Technical Support at 770-844-4200 or 800-633-0405 for assistance with remediation
Evidence notes
CISA ICS advisory ICSA-24-144-01 identifies leftover debug code in the Telnet Diagnostic Interface as the root cause, with unauthorized access achievable through a sequence of network requests. The advisory covers 12 product variants across the Productivity 1000, 2000, and 3000 series.
Official resources
- CVE-2024-21785 CVE record (CVE.org)
- CVE-2024-21785 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)