CVE-2022-2004
Summary
| CVE | CVE-2022-2004 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-31 16:15:00 UTC |
| Updated | 2022-09-06 23:49:00 UTC |
| Description | AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72; |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Automationdirect | D0-06aa | - | All | All | All |
| Operating System | Automationdirect | D0-06aa Firmware | All | All | All | All |
| Hardware | Automationdirect | D0-06ar | - | All | All | All |
| Operating System | Automationdirect | D0-06ar Firmware | All | All | All | All |
| Hardware | Automationdirect | D0-06da | - | All | All | All |
| Operating System | Automationdirect | D0-06da Firmware | All | All | All | All |
| Hardware | Automationdirect | D0-06dd1 | - | All | All | All |
| Hardware | Automationdirect | D0-06dd1-d | - | All | All | All |
| Operating System | Automationdirect | D0-06dd1-d Firmware | All | All | All | All |
| Operating System | Automationdirect | D0-06dd1 Firmware | All | All | All | All |
| Hardware | Automationdirect | D0-06dd2 | - | All | All | All |
| Hardware | Automationdirect | D0-06dd2-d | - | All | All | All |
| Operating System | Automationdirect | D0-06dd2-d Firmware | All | All | All | All |
| Operating System | Automationdirect | D0-06dd2 Firmware | All | All | All | All |
| Hardware | Automationdirect | D0-06dr | - | All | All | All |
| Hardware | Automationdirect | D0-06dr-d | - | All | All | All |
| Operating System | Automationdirect | D0-06dr-d Firmware | All | All | All | All |
| Operating System | Automationdirect | D0-06dr Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| AutomationDirect DirectLOGIC with Ethernet | CISA | CONFIRM | www.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Sam Hanson of Dragos reported this vulnerability to CISA.
Legacy QID Mappings
- 591278 AutomationDirect DirectLOGIC with Ethernet Communication Modules Denial of Service (DoS) Multiple Vulnerabilities (ICSA-22-167-03)