PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-24947 AutomationDirect CVE debrief

CVE-2024-24947 is a high-severity buffer overflow vulnerability in AutomationDirect Productivity PLCs, specifically affecting the Programming Software Connection CurrDir functionality in the P3-550E CPU running firmware version 1.2.10.9. Published on May 23, 2024, this vulnerability allows unauthenticated remote attackers to trigger a denial of service condition by sending specially crafted network packets. The vulnerability stems from an allocation failure during buffer operations, with a CVSS 3.1 score of 8.2 (HIGH severity). The attack vector is network-based, requires no authentication, and has low attack complexity, making it exploitable by threat actors without credentials or user interaction. While the confidentiality impact is none and integrity impact is low, the availability impact is rated high, consistent with the denial of service outcome. Multiple Productivity PLC product lines are affected, including the Productivity 3000 series (P3-550E, P3-550, P3-530), Productivity 2000 series (P2-550), and Productivity 1000 series (P1-550, P1-540), spanning both firmware and software components. AutomationDirect has released patches addressing this vulnerability.

Vendor
AutomationDirect
Product
Productivity 3000 P3-550E CPU
CVSS
HIGH 8.2
CISA KEV
Not listed in stored evidence
Original CVE published
2024-05-23
Original CVE updated
2024-05-23
Advisory published
2024-05-23
Advisory updated
2024-05-23

Who should care

Industrial control system operators, OT security teams, manufacturing security engineers, automation engineers, and critical infrastructure defenders using AutomationDirect Productivity PLC platforms in production environments. Organizations with Productivity 3000, 2000, or 1000 series deployments should prioritize assessment and patching due to the unauthenticated, network-accessible nature of this vulnerability and its high availability impact.

Technical summary

The vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E firmware 1.2.10.9. An allocation failed buffer overflow condition can be triggered by a specially crafted network packet, resulting in denial of service. The attack requires no authentication and can be executed remotely over the network. Affected product families include Productivity 3000 (P3-550E, P3-550, P3-530), Productivity 2000 (P2-550), and Productivity 1000 (P1-550, P1-540) with specific firmware and software versions. Remediation requires updating Productivity Suite programming software to version 4.2.0.x or higher and applying latest firmware updates. For systems that cannot be immediately patched, network isolation through physical disconnection, segmentation, and firewall/NAC restrictions are recommended compensating controls.

Defensive priority

HIGH

Recommended defensive actions

  • Update Productivity Suite programming software to version 4.2.0.x or higher on all engineering workstations
  • Update affected Productivity PLC firmware to the latest available version from AutomationDirect
  • Physically disconnect affected PLCs from external networks including internet and LAN connections where patching is not immediately feasible
  • Implement network segmentation to isolate Productivity PLCs from other organizational systems and devices
  • Configure firewall rules or network access control (NAC) policies to restrict network traffic to affected PLCs
  • Conduct a comprehensive network security analysis to determine appropriate security controls for automation control system environments
  • Review AutomationDirect security considerations documentation for defense-in-depth guidance applicable to PLC, HMI, and SCADA deployments
  • Contact AutomationDirect Technical Support at 770-844-4200 or 800-633-0405 for assistance with remediation planning

Evidence notes

Vulnerability description and affected products confirmed through CISA ICS advisory ICSA-24-144-01. CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H indicates network-accessible, unauthenticated attack with high availability impact. Remediation guidance specifies Productivity Suite programming software version 4.2.0.x or higher as the patched version.

Official resources

2024-05-23