PatchSiren cyber security CVE debrief
CVE-2024-24962 AutomationDirect CVE debrief
A critical stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect Productivity PLCs. The vulnerability, published on 2024-05-23, allows unauthenticated remote attackers to trigger stack-based buffer overflow conditions via specially crafted network packets. This affects multiple Productivity series CPUs across firmware versions 1.2.10.9/1.2.10.10 and Productivity Suite software version 4.1.1.10. The vulnerability is network-accessible without authentication, enabling potential remote code execution with high impact to confidentiality, integrity, and availability.
- Vendor
- AutomationDirect
- Product
- Productivity 3000 P3-550E CPU
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-05-23
- Original CVE updated
- 2024-05-23
- Advisory published
- 2024-05-23
- Advisory updated
- 2024-05-23
Who should care
Organizations operating AutomationDirect Productivity series PLCs in manufacturing, industrial automation, and critical infrastructure environments. Security teams responsible for OT/ICS network protection, plant engineers, and system integrators deploying these controllers should prioritize assessment and remediation.
Technical summary
The vulnerability resides in the FileSelect functionality within the Programming Software Connection component of AutomationDirect Productivity PLCs. An unauthenticated attacker can send a specially crafted network packet to trigger a stack-based buffer overflow. The affected products include Productivity 3000 series (P3-550E, P3-550, P3-530), Productivity 2000 series (P2-550), and Productivity 1000 series (P1-550, P1-540) CPUs running firmware versions 1.2.10.9 or 1.2.10.10, with Productivity Suite software version 4.1.1.10. The network-accessible attack vector requires no authentication or user interaction, resulting in a CVSS 3.1 score of 9.8 (Critical).
Defensive priority
critical
Recommended defensive actions
- Update Productivity Suite programming software to version 4.2.0.x or higher
- Update Productivity PLC firmware to the latest available version
- Physically disconnect affected PLCs from external networks including internet and LANs where patching is not immediately feasible
- Implement network segmentation to isolate affected PLCs from other organizational systems
- Deploy firewall rules or network access control (NAC) policies to restrict traffic to affected PLCs
- Conduct thorough network security analysis to determine appropriate security controls for automation control system environments
- Review AutomationDirect security considerations documentation for additional hardening guidance
Evidence notes
Vulnerability disclosed via CISA ICS Advisory ICSA-24-144-01. Affects 12 specific product configurations across AutomationDirect Productivity 3000, 2000, and 1000 series CPUs. CVSS 3.1 score of 9.8 reflects network attack vector with low complexity, no privileges required, and high impact across CIA triad.
Official resources
-
CVE-2024-24962 CVE record
CVE.org
-
CVE-2024-24962 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-05-23