PatchSiren cyber security CVE debrief
CVE-2024-24963 AutomationDirect CVE debrief
A critical stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect Productivity PLCs. The vulnerability, published on 2024-05-23, affects multiple CPU models across the Productivity 3000, 2000, and 1000 series running specific firmware and software versions. An unauthenticated attacker can trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution. The CVSS 3.1 score of 9.8 reflects network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability.
- Vendor
- AutomationDirect
- Product
- Productivity 3000 P3-550E CPU
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-05-23
- Original CVE updated
- 2024-05-23
- Advisory published
- 2024-05-23
- Advisory updated
- 2024-05-23
Who should care
Organizations operating AutomationDirect Productivity series PLCs in manufacturing, process control, or industrial automation environments. Critical infrastructure operators with these devices deployed in production networks. OT security teams responsible for PLC security posture and patch management. System integrators and engineering firms designing networks with these controllers.
Technical summary
The vulnerability resides in the FileSelect functionality within the Programming Software Connection component of affected AutomationDirect PLCs. The stack-based buffer overflow can be triggered by unauthenticated network packets, indicating insufficient input validation on network-facing services. Affected models span Productivity 3000 (P3-550E, P3-550, P3-530), Productivity 2000 (P2-550), and Productivity 1000 (P1-550, P1-540) series with specific firmware versions 1.2.10.9/1.2.10.10 and software version 4.1.1.10. The network-accessible attack surface combined with no authentication requirement creates a severe exposure for operational technology environments.
Defensive priority
critical
Recommended defensive actions
- Update Productivity Suite programming software to version 4.2.0.x or higher on all affected systems
- Update Productivity PLC firmware to the latest available version
- Physically disconnect affected PLCs from external networks including internet and LANs where immediate patching is not feasible
- Implement network segmentation to isolate affected PLCs from other organizational systems
- Configure firewall rules or network access control policies to block unauthorized traffic to affected PLCs
- Conduct thorough network security analysis to determine appropriate security controls for automation control system environments
- Review AutomationDirect security considerations documentation for additional hardening guidance
- Contact AutomationDirect Technical Support at 770-844-4200 or 800-633-0405 for assistance with remediation
Evidence notes
Vulnerability details sourced from CISA CSAF advisory ICSA-24-144-01. Affected products identified through CSAF product tree with 12 distinct product configurations across 6 CPU models. Vendor remediation guidance explicitly recommends software updates to version 4.2.0.x or higher and firmware updates to latest versions.
Official resources
-
CVE-2024-24963 CVE record
CVE.org
-
CVE-2024-24963 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-05-23