CVE-2024-23601

Published May 28, 2024

Last updated 12 days ago

CVSS critical 9.8

Overview

Description: A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Source: talos-cna@cisco.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

talos-cna@cisco.com: CWE-345
nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:p3-550e_firmware:1.2.10.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A393F14-3BD3-44DE-B06F-9235AB62C68F"
          },
          {
            "criteria": "cpe:2.3:o:automationdirect:p3-550e_firmware:4.1.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A4772E7-8788-4DB5-98CE-25F0255E0386"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:p3-550e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5086EF1F-C3CE-4B5F-A352-67CE332A6C4F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:p3-550_firmware:1.2.10.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC227F17-D280-4C74-A73E-8F92158686BE"
          },
          {
            "criteria": "cpe:2.3:o:automationdirect:p3-550_firmware:4.1.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CC4A2E2-DF6D-427A-88E6-54FD6D11BDFC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:p3-550:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BB4DDF3B-AB0E-4DDD-9865-D4EEDCCA78DE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:p3-530_firmware:1.2.10.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0462A9CE-4EAA-4C12-9147-F530C42328D3"
          },
          {
            "criteria": "cpe:2.3:o:automationdirect:p3-530_firmware:4.1.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8277A48-94C7-40F3-A822-F6311B2CDA94"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:p3-530:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D58D4140-C719-4EDA-8963-667F9FF21970"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:p2-550_firmware:1.2.10.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAF96AFD-40E3-4FB6-BAD7-067D9E257A08"
          },
          {
            "criteria": "cpe:2.3:o:automationdirect:p2-550_firmware:4.1.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D476CC45-B4A1-4210-9347-9854BB0A86AA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:p2-550:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "386D70E8-70D6-4D25-818C-2218E1B1AC6C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:p1-550_firmware:1.2.10.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B7F3A1F-BD96-49A7-A340-0E5E1893326C"
          },
          {
            "criteria": "cpe:2.3:o:automationdirect:p1-550_firmware:4.1.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27710A58-507C-43BB-849F-7238F5D6D9ED"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:p1-550:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8FAF2C99-BC5F-4E99-A3A8-FBBDDC24C933"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:p1-540_firmware:1.2.10.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01C6DFFC-374B-4314-9230-53BD01BD6574"
          },
          {
            "criteria": "cpe:2.3:o:automationdirect:p1-540_firmware:4.1.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51095762-A87C-4A1D-A4E2-679462DC8FA9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:p1-540:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4DB6B9FC-390E-43FD-9DF9-AAB1A9CDAA48"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References