Vulnerabilities (CVE)

Filtered by vendor Automationdirect Subscribe
Total 35 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-24963 1 Automationdirect 12 P1-540, P1-540 Firmware, P1-550 and 9 more 2026-06-17 N/A 9.8 CRITICAL
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e84` of v1.2.10.9 of the P3-550E firmware.
CVE-2024-24962 1 Automationdirect 12 P1-540, P1-540 Firmware, P1-550 and 9 more 2026-06-17 N/A 9.8 CRITICAL
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.This CVE tracks the stack-based buffer overflow that occurs at offset `0xb6e98` of v1.2.10.9 of the P3-550E firmware.
CVE-2024-24959 1 Automationdirect 2 P3-550e, P3-550e Firmware 2026-06-17 N/A 8.2 HIGH
Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6c18`.
CVE-2024-24958 1 Automationdirect 2 P3-550e, P3-550e Firmware 2026-06-17 N/A 8.2 HIGH
Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6bdc`.
CVE-2024-24957 1 Automationdirect 2 P3-550e, P3-550e Firmware 2026-06-17 N/A 8.2 HIGH
Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6aa4`.
CVE-2024-24956 1 Automationdirect 2 P3-550e, P3-550e Firmware 2026-06-17 N/A 8.2 HIGH
Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6a38`.
CVE-2024-24955 1 Automationdirect 2 P3-550e, P3-550e Firmware 2026-06-17 N/A 8.2 HIGH
Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb69fc`.
CVE-2024-24954 1 Automationdirect 2 P3-550e, P3-550e Firmware 2026-06-17 N/A 8.2 HIGH
Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb69c8`.
CVE-2024-24947 1 Automationdirect 12 P1-540, P1-540 Firmware, P1-550 and 9 more 2026-06-17 N/A 8.2 HIGH
A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This CVE tracks the heap corruption that occurs at offset `0xb68c4` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any trailing heap allocations.
CVE-2024-24946 1 Automationdirect 12 P1-540, P1-540 Firmware, P1-550 and 9 more 2026-06-17 N/A 8.2 HIGH
A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This CVE tracks the heap corruption that occurs at offset `0xb686c` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any trailing heap allocations.
CVE-2024-24851 1 Automationdirect 12 P1-540, P1-540 Firmware, P1-550 and 9 more 2026-06-17 N/A 7.5 HIGH
A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.
CVE-2024-23601 1 Automationdirect 12 P1-540, P1-540 Firmware, P1-550 and 9 more 2026-06-17 N/A 9.8 CRITICAL
A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-23315 1 Automationdirect 12 P1-540, P1-540 Firmware, P1-550 and 9 more 2026-06-17 N/A 7.5 HIGH
A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated packet to trigger this vulnerability.
CVE-2024-22187 1 Automationdirect 12 P1-540, P1-540 Firmware, P1-550 and 9 more 2026-06-17 N/A 9.1 CRITICAL
A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to trigger this vulnerability.
CVE-2024-21785 1 Automationdirect 12 P1-540, P1-540 Firmware, P1-550 and 9 more 2026-06-17 N/A 9.8 CRITICAL
A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2024-11611 1 Automationdirect 18 C-more Ea9-rhmi, C-more Ea9-rhmi Firmware, C-more Ea9-t10cl and 15 more 2026-06-17 N/A 7.8 HIGH
AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EAP9 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24774.
CVE-2024-11610 1 Automationdirect 18 C-more Ea9-rhmi, C-more Ea9-rhmi Firmware, C-more Ea9-t10cl and 15 more 2026-06-17 N/A 7.8 HIGH
AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EAP9 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24773.
CVE-2024-11609 1 Automationdirect 18 C-more Ea9-rhmi, C-more Ea9-rhmi Firmware, C-more Ea9-t10cl and 15 more 2026-06-17 N/A 7.8 HIGH
AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EAP9 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24772.
CVE-2022-2485 1 Automationdirect 20 Sio-mb04ads, Sio-mb04ads Firmware, Sio-mb04das and 17 more 2026-06-17 N/A 9.6 CRITICAL
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.
CVE-2022-2006 1 Automationdirect 24 C-more Ea9-pgmsw, C-more Ea9-pgmsw Firmware, C-more Ea9-rhmi and 21 more 2026-06-17 N/A 7.8 HIGH
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73;