CVE-2024-23601
CRITICALDescription
A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Is your site exposed to CVE-2024-23601?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| automationdirect | p3-550e_firmware |
| automationdirect | p3-550e_firmware |
| automationdirect | p3-550e |
| automationdirect | p3-550_firmware |
| automationdirect | p3-550_firmware |
| automationdirect | p3-550 |
| automationdirect | p3-530_firmware |
| automationdirect | p3-530_firmware |
| automationdirect | p3-530 |
| automationdirect | p2-550_firmware |
| automationdirect | p2-550_firmware |
| automationdirect | p2-550 |
| automationdirect | p1-550_firmware |
| automationdirect | p1-550_firmware |
| automationdirect | p1-550 |
| automationdirect | p1-540_firmware |
| automationdirect | p1-540_firmware |
| automationdirect | p1-540 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-23601? +
How severe is CVE-2024-23601? +
What products are affected by CVE-2024-23601? +
How do I check if I'm vulnerable to CVE-2024-23601? +
Related Vulnerabilities
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed …
Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, …
Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated …
stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege …
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior …
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in …