PatchSiren cyber security CVE debrief
CVE-2024-23601 AutomationDirect CVE debrief
A critical code injection vulnerability in AutomationDirect Productivity PLCs allows arbitrary code execution through malicious scan_lib.bin files. The vulnerability affects multiple Productivity series CPUs across firmware and software versions, with a CVSS 3.1 score of 9.8 indicating network-exploitable, unauthenticated remote code execution. The issue was disclosed on May 23, 2024 via CISA ICS advisory ICSA-24-144-01. Vendor-provided patches are available through updated Productivity Suite software (version 4.2.0.x or higher) and corresponding firmware updates. For systems that cannot be immediately patched, network isolation and segmentation controls are recommended as compensating measures.
- Vendor
- AutomationDirect
- Product
- Productivity 3000 P3-550E CPU
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-05-23
- Original CVE updated
- 2024-05-23
- Advisory published
- 2024-05-23
- Advisory updated
- 2024-05-23
Who should care
Organizations operating AutomationDirect Productivity series PLCs in industrial automation environments, particularly those with internet-facing or network-connected control systems. Critical infrastructure operators, manufacturing facilities, and any deployment where PLC compromise could impact safety, production, or operational technology environments. Security teams responsible for OT/ICS asset management and vulnerability response should prioritize assessment and patching.
Technical summary
The vulnerability exists in the scan_lib.bin functionality of AutomationDirect Productivity series PLCs. A specially crafted scan_lib.bin file can be provided by an attacker to trigger arbitrary code execution. The attack vector is network-based with low attack complexity, requiring no privileges or user interaction. Affected products span the Productivity 3000, 2000, and 1000 series CPUs with specific firmware and software versions including P3-550E, P3-550, P3-530, P2-550, P1-550, and P1-540 models. The vulnerability enables complete compromise of confidentiality, integrity, and availability of affected control systems.
Defensive priority
critical
Recommended defensive actions
- Update Productivity Suite programming software to version 4.2.0.x or higher
- Update affected Productivity PLC firmware to the latest available version
- Physically disconnect affected PLCs from external networks including internet and LANs if patching is not immediately feasible
- Implement network segmentation to isolate affected PLCs from other organizational systems
- Configure firewall rules or network access control policies to restrict traffic to affected PLCs
- Conduct network security analysis to determine appropriate security controls for automation control system environments
- Contact AutomationDirect Technical Support at 770-844-4200 or 800-633-0405 for assistance with remediation
- Review vendor security considerations documentation for additional hardening guidance
Evidence notes
Vulnerability description and affected product list derived from CISA CSAF advisory ICSA-24-144-01. CVSS score 9.8 (CRITICAL) confirmed from source metadata. Remediation guidance including specific version numbers and vendor contact information extracted from CSAF remediations section.
Official resources
-
CVE-2024-23601 CVE record
CVE.org
-
CVE-2024-23601 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-05-23