9.8

CVE-2024-21785

Exploit
A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AutomationdirectP3-550e Firmware Version1.2.10.9
   AutomationdirectP3-550e Version-
AutomationdirectP3-550e Firmware Version4.1.1.10
   AutomationdirectP3-550e Version-
AutomationdirectP3-550 Firmware Version1.2.10.9
   AutomationdirectP3-550 Version-
AutomationdirectP3-550 Firmware Version4.1.1.10
   AutomationdirectP3-550 Version-
AutomationdirectP3-530 Firmware Version1.2.10.9
   AutomationdirectP3-530 Version-
AutomationdirectP3-530 Firmware Version4.1.1.10
   AutomationdirectP3-530 Version-
AutomationdirectP2-550 Firmware Version1.2.10.10
   AutomationdirectP2-550 Version-
AutomationdirectP2-550 Firmware Version4.1.1.10
   AutomationdirectP2-550 Version-
AutomationdirectP1-550 Firmware Version1.2.10.10
   AutomationdirectP1-550 Version-
AutomationdirectP1-550 Firmware Version4.1.1.10
   AutomationdirectP1-550 Version-
AutomationdirectP1-540 Firmware Version1.2.10.10
   AutomationdirectP1-540 Version-
AutomationdirectP1-540 Firmware Version4.1.1.10
   AutomationdirectP1-540 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1% 0.763
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
talos-cna@cisco.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-489 Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.