PatchSiren

CVE-2024-24956 AutomationDirect CVE debrief

A null-byte write vulnerability in the Programming Software Connection FileSystem API of AutomationDirect Productivity PLCs allows remote attackers to cause heap-based memory corruption via specially crafted network packets. The vulnerability affects multiple Productivity series CPUs across firmware and software versions, with a CVSS 3.1 score of 8.2 (HIGH severity). The attack vector is network-based with low complexity, requiring no privileges or user interaction, and can result in high availability impact with low integrity impact.

Vendor: AutomationDirect
Product: Productivity 3000 P3-550E CPU
CVSS: HIGH 8.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-05-23
Original CVE updated: 2024-05-23
Advisory published: 2024-05-23
Advisory updated: 2024-05-23

Who should care

Industrial control system operators, OT security teams, manufacturing security engineers, and organizations using AutomationDirect Productivity series PLCs in production environments. Organizations with remote access to PLC programming interfaces or insufficient network segmentation between IT and OT environments face elevated risk.

Technical summary

The vulnerability exists in the Programming Software Connection FileSystem API functionality. A null-byte write condition can be triggered through specially crafted network packets, leading to heap-based memory corruption. The affected components include the P3-550E CPU firmware 1.2.10.9 and Productivity Suite software 4.1.1.10, with similar versions affected across Productivity 3000, 2000, and 1000 series. The vulnerability is remotely exploitable without authentication, which makes it a serious concern for internet-exposed or poorly segmented industrial control networks.

Defensive priority

HIGH

Recommended defensive actions

  • Update Productivity Suite programming software to version 4.2.0.x or higher
  • Update Productivity PLC firmware to the latest available version
  • Physically disconnect affected PLCs from external networks including internet and LANs
  • Implement network segmentation to isolate PLCs from other organizational systems
  • Configure firewall rules or network access control (NAC) policies to block traffic to affected PLCs
  • Conduct thorough network security analysis to determine appropriate security level for automation control systems
  • Review AutomationDirect security considerations documentation for additional hardening guidance

Evidence notes

Vulnerability disclosed via CISA ICS Advisory ICSA-24-144-01 on 2024-05-23. Affects 12 specific product configurations across Productivity 3000, 2000, and 1000 series CPUs. CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H.
