PatchSiren cyber security CVE debrief
CVE-2024-24946 AutomationDirect CVE debrief
A buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect Productivity PLCs. The flaw allows unauthenticated remote attackers to trigger a denial of service condition by sending specially crafted network packets. The vulnerability affects multiple Productivity series CPUs across firmware versions 1.2.10.9 and 1.2.10.10, as well as Productivity Suite programming software version 4.1.1.10. The vulnerability was disclosed on May 23, 2024, with a CVSS 3.1 score of 8.2 (HIGH), indicating significant risk due to network attack vector, low attack complexity, and no required privileges or user interaction.
- Vendor
- AutomationDirect
- Product
- Productivity 3000 P3-550E CPU
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-05-23
- Original CVE updated
- 2024-05-23
- Advisory published
- 2024-05-23
- Advisory updated
- 2024-05-23
Who should care
Organizations operating AutomationDirect Productivity 3000, 2000, or 1000 series PLCs in industrial automation environments, particularly those with network-connected control systems. Critical infrastructure operators, manufacturing facilities, and any sites where these PLCs perform safety-critical or production-critical functions should prioritize assessment and remediation.
Technical summary
The vulnerability exists in the Programming Software Connection CurrDir functionality, where improper handling of length fields in network packets leads to buffer overflow conditions. The flaw is present in firmware version 1.2.10.9 for Productivity 3000 series CPUs and version 1.2.10.10 for Productivity 2000 and 1000 series CPUs, as well as Productivity Suite software version 4.1.1.10. Attackers can exploit this vulnerability without authentication by sending crafted network packets, resulting in denial of service conditions. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H) reflects network accessibility, low complexity, no privilege requirements, and high availability impact with low integrity impact.
Defensive priority
HIGH
Recommended defensive actions
- Update Productivity Suite programming software to version 4.2.0.x or higher
- Update affected Productivity PLC firmware to the latest available version
- Physically disconnect affected PLCs from external networks including internet and LANs if patching is not immediately feasible
- Implement network segmentation to isolate affected PLCs from other organizational systems
- Configure firewall rules or network access control policies to restrict traffic to affected PLCs
- Conduct thorough network security analysis to determine appropriate security controls for automation control system environments
- Review AutomationDirect security considerations documentation for additional hardening guidance
- Contact AutomationDirect Technical Support at 770-844-4200 or 800-633-0405 for assistance with remediation
Evidence notes
The vulnerability description and affected product list are derived from CISA CSAF advisory ICSA-24-144-01, which identifies the buffer overflow in the CurrDir functionality of the Programming Software Connection component. The advisory specifies that the vulnerability can be triggered by unauthenticated network packets, leading to denial of service. Twelve specific product configurations are identified as affected, spanning Productivity 3000, 2000, and 1000 series CPUs with specific firmware and software versions.
Official resources
-
CVE-2024-24946 CVE record
CVE.org
-
CVE-2024-24946 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-05-23