PatchSiren cyber security CVE debrief
CVE-2024-24959 AutomationDirect CVE debrief
A null-byte write vulnerability in the Programming Software Connection FileSystem API of AutomationDirect Productivity PLCs allows remote attackers to cause heap-based memory corruption via specially crafted network packets. The vulnerability affects multiple CPU models across the Productivity 3000, 2000, and 1000 series running specific firmware and software versions. With a CVSS 3.1 score of 8.2 (HIGH), this vulnerability poses significant risk to industrial control environments due to its network attack vector, low attack complexity, and high availability impact. The vulnerability was disclosed by CISA on May 23, 2024, and is not currently listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor
- AutomationDirect
- Product
- Productivity 3000 P3-550E CPU
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-05-23
- Original CVE updated
- 2024-05-23
- Advisory published
- 2024-05-23
- Advisory updated
- 2024-05-23
Who should care
Organizations operating AutomationDirect Productivity series PLCs in manufacturing, process control, building automation, and other industrial environments. Security teams responsible for OT/ICS network protection, plant engineers, and system integrators deploying these controllers should prioritize assessment and remediation. Critical infrastructure operators with these devices in production environments face elevated risk due to potential availability impacts on physical processes.
Technical summary
The vulnerability exists in the Programming Software Connection FileSystem API functionality. Specially crafted network packets can trigger a null-byte write condition leading to heap-based memory corruption. The attack requires no authentication and can be executed remotely over the network. Affected firmware versions include 1.2.10.9 (P3-550E, P3-550, P3-530) and 1.2.10.10 (P2-550, P1-550, P1-540). Affected software version is Productivity Suite 4.1.1.10. The vulnerability has high availability impact with low integrity impact and no confidentiality impact per CVSS 3.1 scoring.
Defensive priority
HIGH
Recommended defensive actions
- Update Productivity Suite programming software to version 4.2.0.x or higher
- Update Productivity PLC firmware to the latest available version
- Physically disconnect PLCs from external networks including internet and LANs where feasible
- Implement network segmentation to isolate PLCs from other organizational systems
- Deploy firewall rules or network access control policies to restrict PLC traffic
- Conduct thorough network security analysis to determine appropriate security controls for automation environments
- Review AutomationDirect security considerations documentation for additional hardening guidance
Evidence notes
Vulnerability description and affected products confirmed via CISA CSAF advisory ICSA-24-144-01. CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H indicates network-accessible attack with no privileges required. Affected versions include firmware 1.2.10.9 and 1.2.10.10, and Productivity Suite software 4.1.1.10 across P3-550E, P3-550, P3-530, P2-550, P1-550, and P1-540 CPU models.
Official resources
-
CVE-2024-24959 CVE record
CVE.org
-
CVE-2024-24959 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-05-23