PatchSiren cyber security CVE debrief
CVE-2024-24851 AutomationDirect CVE debrief
A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect Productivity PLCs. The vulnerability can be triggered by an unauthenticated attacker sending a specially crafted network packet, leading to a buffer overflow condition. This affects multiple Productivity PLC product lines including the P3-550E, P3-550, P3-530, P2-550, P1-550, and P1-540 CPUs with specific firmware and software versions. The vulnerability was published by CISA on May 23, 2024 as advisory ICSA-24-144-01.
- Vendor
- AutomationDirect
- Product
- Productivity 3000 P3-550E CPU
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-05-23
- Original CVE updated
- 2024-05-23
- Advisory published
- 2024-05-23
- Advisory updated
- 2024-05-23
Who should care
Organizations operating AutomationDirect Productivity 3000, 2000, or 1000 series PLCs in industrial control environments. Critical infrastructure operators, manufacturing facilities, and any sites using affected PLCs for process control should prioritize assessment and remediation. Security teams responsible for OT/ICS network segmentation and asset inventory management should review exposure.
Technical summary
The vulnerability exists in the FiBurn functionality of AutomationDirect Productivity PLCs, which is used during programming software connections. A heap-based buffer overflow can be triggered when the PLC processes a specially crafted network packet. The attack vector is network-based, requires no authentication, and has low attack complexity. Successful exploitation results in high availability impact (denial of service) with no confidentiality or integrity impact per CVSS:3.1 scoring. The vulnerability affects firmware versions 1.2.10.9 and 1.2.10.10 across multiple Productivity PLC product lines, as well as Productivity Suite programming software version 4.1.1.10.
Defensive priority
HIGH
Recommended defensive actions
- Update Productivity Suite programming software to version 4.2.0.x or higher
- Update Productivity PLC firmware to the latest available version
- Physically disconnect affected PLCs from external networks including internet and LANs if patching is not immediately feasible
- Implement network segmentation to isolate affected PLCs from other organizational systems
- Configure firewall rules or network access control (NAC) policies to restrict traffic to affected PLCs
- Conduct a thorough network security analysis to determine appropriate security levels for automation control systems
- Review AutomationDirect security considerations documentation for additional hardening guidance
- Contact AutomationDirect Technical Support at 770-844-4200 or 800-633-0405 for assistance with remediation
Evidence notes
CISA CSAF advisory ICSA-24-144-01 identifies a heap-based buffer overflow in the Programming Software Connection FiBurn functionality. The vulnerability is triggered by specially crafted network packets and can be exploited by unauthenticated attackers. Affected products include six Productivity PLC product families across twelve specific firmware and software version combinations.
Official resources
-
CVE-2024-24851 CVE record
CVE.org
-
CVE-2024-24851 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Disclosed by CISA ICS-CERT on May 23, 2024 as advisory ICSA-24-144-01. The vulnerability was identified in AutomationDirect Productivity PLCs and affects the FiBurn functionality used during programming software connections.