CVE-2024-21785

Published: May 28, 2024Modified: Feb 12, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: CNA (Secondary)

Description

A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this vulnerability.

Affected (12)

Products: Automationdirect: P3 550e Firmware, P3 550 Firmware, P3 530 Firmware, P2 550 Firmware, P1 550 Firmware, P1 540 Firmware

6 products

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect P3 550e Firmware	Version 1.2.10.9
Automationdirect P3 550e Firmware	Version 4.1.1.10

Running on/with	Platform Versions
Automationdirect P3 550e	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect P3 550 Firmware	Version 1.2.10.9
Automationdirect P3 550 Firmware	Version 4.1.1.10

Running on/with	Platform Versions
Automationdirect P3 550	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect P3 530 Firmware	Version 1.2.10.9
Automationdirect P3 530 Firmware	Version 4.1.1.10

Running on/with	Platform Versions
Automationdirect P3 530	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect P2 550 Firmware	Version 1.2.10.10
Automationdirect P2 550 Firmware	Version 4.1.1.10

Running on/with	Platform Versions
Automationdirect P2 550	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect P1 550 Firmware	Version 1.2.10.10
Automationdirect P1 550 Firmware	Version 4.1.1.10

Running on/with	Platform Versions
Automationdirect P1 550	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect P1 540 Firmware	Version 1.2.10.10
Automationdirect P1 540 Firmware	Version 4.1.1.10

Running on/with	Platform Versions
Automationdirect P1 540	All versions

Related CWEs

CWE-489

Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

References (6)

https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yaj2AA/sa00038

Source: talos-cna@cisco.com

Vendor Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1942

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1942

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yaj2AA/sa00038

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1942

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1942

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.