CVE-2022-2004

Published: Aug 31, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;

Affected (9)

Products: Automationdirect: D0 06dd1 Firmware, D0 06dd2 Firmware, D0 06dr Firmware, D0 06da Firmware, D0 06ar Firmware, D0 06aa Firmware, D0 06dd1 D Firmware, D0 06dd2 D Firmware, D0 06dr D Firmware

9 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06dd1 Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06dd1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06dd2 Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06dd2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06dr Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06dr	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06da Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06da	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06ar Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06ar	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06aa Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06aa	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06dd1 D Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06dd1 D	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06dd2 D Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06dd2 D	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Automationdirect D0 06dr D Firmware	Before 2.72

Running on/with	Platform Versions
Automationdirect D0 06dr D	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03

Source: ics-cert@hq.dhs.gov

PatchThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

Timeline

No history available yet.