PatchSiren cyber security CVE debrief
CVE-2024-24955 AutomationDirect CVE debrief
A null-byte write vulnerability in the Programming Software Connection FileSystem API of AutomationDirect Productivity PLCs allows remote attackers to cause heap-based memory corruption via specially crafted network packets. The vulnerability affects multiple CPU models across the Productivity 3000, 2000, and 1000 series running specific firmware and software versions. With a CVSS 3.1 score of 8.2 (HIGH), this vulnerability poses a significant risk to the availability and integrity of affected industrial control systems, as it can be exploited remotely without authentication.
- Vendor: AutomationDirect
- Product: Productivity 3000 P3-550E CPU
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-23
- Original CVE updated: 2024-05-23
- Advisory published: 2024-05-23
- Advisory updated: 2024-05-23
Who should care
Organizations operating AutomationDirect Productivity 3000, 2000, or 1000 series PLCs in manufacturing, industrial automation, building control, or critical infrastructure environments. Security teams responsible for OT/ICS network protection, plant engineers, and system integrators deploying these controllers should prioritize assessment and remediation.
Technical summary
The vulnerability exists in the Programming Software Connection FileSystem API functionality. A null-byte write condition allows heap-based memory corruption when processing specially crafted network packets. The attack vector is network-based, requires no authentication, and can be exploited remotely. Successful exploitation impacts availability (HIGH) and integrity (LOW) of the affected PLC systems. The vulnerability affects firmware versions 1.2.10.9 and 1.2.10.10 across multiple CPU models, as well as Productivity Suite software version 4.1.1.10.
Defensive priority
HIGH
Recommended defensive actions
- Update Productivity Suite programming software to version 4.2.0.x or higher on all engineering workstations
- Update Productivity PLC firmware to the latest available version for all affected CPU models
- Physically disconnect affected PLCs from external networks, including internet and LAN connections, where immediate patching is not feasible
- Implement network segmentation to isolate affected PLCs from other organizational systems
- Configure firewall rules or network access control (NAC) policies to block unauthorized traffic to affected PLCs
- Conduct thorough network security analysis to determine appropriate security controls for automation control system environments
- Review AutomationDirect security considerations documentation for additional hardening guidance
- Contact AutomationDirect Technical Support at 770-844-4200 or 800-633-0405 for assistance with remediation activities
Evidence notes
The vulnerability was disclosed by CISA on 2024-05-23 via ICSA-24-144-01. It affects 12 specific product configurations across AutomationDirect's Productivity PLC product lines. The vendor has provided specific remediation guidance, including software and firmware updates.
Official resources
- CVE-2024-24955 CVE record (CVE.org)
- CVE-2024-24955 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-05-23