A Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Six years running.Six years. Gartner® Magic Quadrant™ Leader.Find Out Why
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • AI Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2024-24955

CVE-2024-24955: P3-550E Firmware Buffer Overflow Flaw

CVE-2024-24955 is a buffer overflow vulnerability in AutomationDirect P3-550E firmware affecting version 1.2.10.9. Attackers can exploit this heap-based memory corruption flaw via crafted packets. This article covers technical details, affected versions, impact, and mitigation strategies.

Published: June 2, 2026

CVE-2024-24955 Overview

CVE-2024-24955 is an out-of-bounds write vulnerability in the Programming Software Connection FileSystem API of the AutomationDirect P3-550E programmable logic controller running firmware version 1.2.10.9. Specially crafted network packets trigger heap-based memory corruption through an arbitrary null-byte write at offset 0xb69fc in the firmware. An unauthenticated attacker on the network can send malicious packets to corrupt heap memory and disrupt controller operation. The flaw is classified as [CWE-787] (Out-of-bounds Write) and primarily impacts the availability of the industrial controller.

Critical Impact

Unauthenticated network attackers can trigger heap corruption on the P3-550E PLC, leading to denial of service of industrial control operations.

Affected Products

  • AutomationDirect P3-550E PLC (hardware)
  • AutomationDirect P3-550E firmware version 1.2.10.9
  • Programming Software Connection FileSystem API component

Discovery Timeline

  • 2024-05-28 - CVE-2024-24955 published to NVD
  • 2025-02-12 - Last updated in NVD database

Technical Details for CVE-2024-24955

Vulnerability Analysis

The vulnerability resides in the Programming Software Connection FileSystem API exposed by the P3-550E firmware. The API parses network packets that direct file-system operations on the controller. Improper validation of attacker-controlled fields allows a write of a null byte (0x00) outside the bounds of an allocated heap buffer. The arbitrary null-byte write originates at firmware offset 0xb69fc. Corrupting heap metadata or adjacent objects produces unpredictable controller behavior and a high impact on availability. The integrity impact is limited because the primitive writes a single null byte rather than attacker-controlled data.

Root Cause

The root cause is missing bounds checking on an index or length field consumed by the FileSystem API handler. The handler computes a destination address using untrusted input from the network packet and writes a null terminator without verifying that the destination lies inside the allocated buffer. This is a textbook [CWE-787] flaw in C-based embedded firmware.

Attack Vector

The attack vector is network-based and requires no authentication or user interaction. An attacker with network reachability to the PLC sends a crafted packet to the Programming Software Connection service. The malformed request triggers the out-of-bounds null-byte write during FileSystem API processing, corrupting heap memory in the controller.

No public proof-of-concept has been released. See the Talos Intelligence Vulnerability Report for the technical write-up describing the affected code path.

Detection Methods for CVE-2024-24955

Indicators of Compromise

  • Unexpected restarts, watchdog resets, or fault states reported by the P3-550E controller
  • Loss of communication with the PLC during or after Programming Software Connection sessions from unknown hosts
  • Anomalous TCP sessions from non-engineering workstations targeting the Programming Software Connection service port

Detection Strategies

  • Deploy network intrusion detection signatures that inspect Programming Software Connection FileSystem API requests for malformed length and offset fields
  • Baseline legitimate engineering-workstation traffic to the PLC and alert on deviations in source IP, packet size, or session frequency
  • Correlate PLC fault events from historian or SCADA logs with concurrent network activity to the controller

Monitoring Recommendations

  • Forward PLC diagnostic events and SCADA alarms into a centralized SIEM for correlation with network telemetry
  • Capture full packet captures on OT network taps between engineering workstations and P3-550E controllers for forensic review
  • Monitor for new or unauthorized hosts initiating connections to the Programming Software Connection service

How to Mitigate CVE-2024-24955

Immediate Actions Required

  • Restrict network access to the P3-550E so only authorized engineering workstations can reach the Programming Software Connection service
  • Place the PLC behind an OT firewall or data diode that enforces strict allowlists for source IPs and protocols
  • Inventory all P3-550E devices running firmware 1.2.10.9 and prioritize them for vendor-supplied updates
  • Contact AutomationDirect support to confirm availability of a fixed firmware release

Patch Information

AutomationDirect has not published a vendor advisory URL in the NVD record. Operators should consult the Talos Intelligence Vulnerability Report TALOS-2024-1938 and contact AutomationDirect directly for firmware versions later than 1.2.10.9 that remediate the FileSystem API bounds checks.

Workarounds

  • Segment the PLC into a dedicated OT VLAN isolated from corporate IT networks and the internet
  • Disable or block the Programming Software Connection service when programming sessions are not actively required
  • Enforce VPN or jump-host access for engineers performing remote programming, and log all sessions
  • Apply ICS-aware deep packet inspection at the OT perimeter to drop malformed FileSystem API requests
bash
# Example firewall rule restricting Programming Software Connection access
# Replace <ENG_WS_IP> with the engineering workstation address and <PLC_IP> with the P3-550E
iptables -A FORWARD -s <ENG_WS_IP> -d <PLC_IP> -p tcp -j ACCEPT
iptables -A FORWARD -d <PLC_IP> -p tcp -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeBuffer Overflow
  • Vendor/TechAutomationdirect
  • SeverityHIGH
  • CVSS Score8.2
  • EPSS Probability0.23%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-787
  • Technical References
  • Talos Intelligence Vulnerability Report
  • Talos Intelligence Vulnerability Report
  • Related CVEs
  • CVE-2024-24851: P3-550E Firmware Buffer Overflow Flaw
  • CVE-2024-23601: Automationdirect P3-550e Firmware RCE Flaw
  • CVE-2024-22187: Automationdirect P3-550e Firmware RCE
  • CVE-2024-21785: AutomationDirect P3-550E Auth Bypass Flaw
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English