CVE-2024-23315

A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated packet to trigger this vulnerability.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yZ72AI/sa00037
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1941
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1941

Configurations

No configuration.

History

10 Jun 2024, 18:15

Type	Values Removed	Values Added
References		() https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1941 -

29 May 2024, 13:15

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de lectura en qué lugar en la funcionalidad de lectura de memoria IMM 01A1 de la conexión del software de programación de AutomationDirect P3-550E 1.2.10.9. Un paquete de red especialmente manipulado puede dar lugar a la divulgación de información confidencial. Un atacante puede enviar un paquete no autenticado para desencadenar esta vulnerabilidad.
References		() https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yZ72AI/sa00037 -

28 May 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-28 16:15

Updated : 2024-06-10 18:15

NVD link : CVE-2024-23315

Mitre link : CVE-2024-23315

CVE.ORG link : CVE-2024-23315

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

7.5 /10