CVE-2022-2003

Published: Aug 31, 2022Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;

Affected (9)

Products: Automationdirect: D0 06dd1 Firmware, D0 06dd2 Firmware, D0 06dr Firmware, D0 06da Firmware, D0 06ar Firmware, D0 06aa Firmware, D0 06dd1 D Firmware, D0 06dd2 D Firmware, D0 06dr D Firmware

9 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06dd1 Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06dd1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06dd2 Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06dd2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06dr Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06dr	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06da Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06da	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06ar Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06ar	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06aa Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06aa	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06dd1 D Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06dd1 D	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06dd2 D Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06dd2 D	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06dr D Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06dr D	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02

Source: ics-cert@hq.dhs.gov

PatchThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03

Source: ics-cert@hq.dhs.gov

PatchThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

Timeline

No history available yet.