Filtered by vendor Automationdirect
Subscriptions
Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24963 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 9.8 Critical |
| A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e84` of v1.2.10.9 of the P3-550E firmware. | ||||
| CVE-2024-24962 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 9.8 Critical |
| A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e98` of v1.2.10.9 of the P3-550E firmware. | ||||
| CVE-2024-24959 | 1 Automationdirect | 2 P3-550e, P3-550e Firmware | 2025-02-13 | 8.2 High |
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6c18`. | ||||
| CVE-2024-24958 | 1 Automationdirect | 2 P3-550e, P3-550e Firmware | 2025-02-13 | 8.2 High |
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6bdc`. | ||||
| CVE-2024-24957 | 1 Automationdirect | 2 P3-550e, P3-550e Firmware | 2025-02-13 | 8.2 High |
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6aa4`. | ||||
| CVE-2024-24956 | 1 Automationdirect | 2 P3-550e, P3-550e Firmware | 2025-02-13 | 8.2 High |
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6a38`. | ||||
| CVE-2024-24955 | 1 Automationdirect | 2 P3-550e, P3-550e Firmware | 2025-02-13 | 8.2 High |
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb69fc`. | ||||
| CVE-2024-24954 | 1 Automationdirect | 2 P3-550e, P3-550e Firmware | 2025-02-13 | 8.2 High |
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb69c8`. | ||||
| CVE-2024-24947 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 8.2 High |
| A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This CVE tracks the heap corruption that occurs at offset `0xb68c4` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any trailing heap allocations. | ||||
| CVE-2024-24946 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 8.2 High |
| A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This CVE tracks the heap corruption that occurs at offset `0xb686c` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any trailing heap allocations. | ||||
| CVE-2024-24851 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 7.5 High |
| A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability. | ||||
| CVE-2024-23601 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 9.8 Critical |
| A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-23315 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 7.5 High |
| A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated packet to trigger this vulnerability. | ||||
| CVE-2024-22187 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 9.1 Critical |
| A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to trigger this vulnerability. | ||||
| CVE-2024-21785 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2025-02-13 | 9.8 Critical |
| A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2022-2485 | 1 Automationdirect | 20 Sio-mb04ads, Sio-mb04ads Firmware, Sio-mb04das and 17 more | 2024-11-21 | 9.6 Critical |
| Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets. | ||||
| CVE-2022-2006 | 1 Automationdirect | 24 C-more Ea9-pgmsw, C-more Ea9-pgmsw Firmware, C-more Ea9-rhmi and 21 more | 2024-11-21 | 7.8 High |
| AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73; | ||||
| CVE-2022-2005 | 1 Automationdirect | 24 C-more Ea9-pgmsw, C-more Ea9-pgmsw Firmware, C-more Ea9-rhmi and 21 more | 2024-11-21 | 7.5 High |
| AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73; | ||||
| CVE-2022-2004 | 1 Automationdirect | 18 D0-06aa, D0-06aa Firmware, D0-06ar and 15 more | 2024-11-21 | 7.5 High |
| AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72; | ||||
| CVE-2022-2003 | 1 Automationdirect | 18 D0-06aa, D0-06aa Firmware, D0-06ar and 15 more | 2024-11-21 | 7.7 High |
| AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72; | ||||