CVE-2022-2003
Summary
| CVE | CVE-2022-2003 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-31 16:15:00 UTC |
| Updated | 2022-09-06 23:50:00 UTC |
| Description | AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72; |
Risk And Classification
Problem Types: CWE-319
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Automationdirect | D0-06aa | - | All | All | All |
| Operating System | Automationdirect | D0-06aa Firmware | All | All | All | All |
| Hardware | Automationdirect | D0-06ar | - | All | All | All |
| Operating System | Automationdirect | D0-06ar Firmware | All | All | All | All |
| Hardware | Automationdirect | D0-06da | - | All | All | All |
| Operating System | Automationdirect | D0-06da Firmware | All | All | All | All |
| Hardware | Automationdirect | D0-06dd1 | - | All | All | All |
| Hardware | Automationdirect | D0-06dd1-d | - | All | All | All |
| Operating System | Automationdirect | D0-06dd1-d Firmware | All | All | All | All |
| Operating System | Automationdirect | D0-06dd1 Firmware | All | All | All | All |
| Hardware | Automationdirect | D0-06dd2 | - | All | All | All |
| Hardware | Automationdirect | D0-06dd2-d | - | All | All | All |
| Operating System | Automationdirect | D0-06dd2-d Firmware | All | All | All | All |
| Operating System | Automationdirect | D0-06dd2 Firmware | All | All | All | All |
| Hardware | Automationdirect | D0-06dr | - | All | All | All |
| Hardware | Automationdirect | D0-06dr-d | - | All | All | All |
| Operating System | Automationdirect | D0-06dr-d Firmware | All | All | All | All |
| Operating System | Automationdirect | D0-06dr Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| AutomationDirect DirectLOGIC with Ethernet | CISA | CONFIRM | www.cisa.gov | |
| AutomationDirect DirectLOGIC with Serial Communication | CISA | CONFIRM | www.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Sam Hanson of Dragos reported this vulnerability to CISA.