Sign-up

ID

VAR-202405-1997


CVE

CVE-2024-22187


TITLE

AutomationDirect P3-550E Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-34889

DESCRIPTION

A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to trigger this vulnerability. AutomationDirect P3-550E is a programmable control system (PLC) of AutomationDirect, Inc. of the United States

Trust: 1.44

sources: NVD: CVE-2024-22187 // CNVD: CNVD-2024-34889

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-34889

AFFECTED PRODUCTS

vendor:automationdirectmodel:p3-550escope:eqversion:1.2.10.9

Trust: 0.6

sources: CNVD: CNVD-2024-34889

CVSS

SEVERITY

CVSSV2

CVSSV3

talos-cna@cisco.com: CVE-2024-22187
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2024-34889
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-34889
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

talos-cna@cisco.com: CVE-2024-22187
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-34889 // NVD: CVE-2024-22187

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

sources: NVD: CVE-2024-22187

PATCH

title:Patch for AutomationDirect P3-550E Access Control Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/576376

Trust: 0.6

sources: CNVD: CNVD-2024-34889

EXTERNAL IDS

db:NVDid:CVE-2024-22187

Trust: 1.6

db:TALOSid:TALOS-2024-1940

Trust: 1.6

db:CNVDid:CNVD-2024-34889

Trust: 0.6

sources: CNVD: CNVD-2024-34889 // NVD: CVE-2024-22187

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2024-1940

Trust: 1.6

url:https://community.automationdirect.com/s/internal-database-security-advisory/a4gpe0000003yxv2ay/sa00036

Trust: 1.0

url:https://www.talosintelligence.com/vulnerability_reports/talos-2024-1940

Trust: 1.0

sources: CNVD: CNVD-2024-34889 // NVD: CVE-2024-22187

SOURCES

db:CNVDid:CNVD-2024-34889
db:NVDid:CVE-2024-22187

LAST UPDATE DATE

2024-08-15T12:52:56.815000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-34889date:2024-08-08T00:00:00
db:NVDid:CVE-2024-22187date:2024-06-10T18:15:25.660

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-34889date:2024-08-08T00:00:00
db:NVDid:CVE-2024-22187date:2024-05-28T16:15:12.330