Lucene search

IcscertCVELIST:CVE-2022-2004

HistoryAug 31, 2022 - 3:59 p.m.

CVE-2022-2004 AutomationDirect DirectLOGIC with Ethernet Communication Uncontrolled Resource Consumption

2022-08-3115:59:33

CWE-400

icscert

www.cve.org

automationdirect directlogic

uncontrolled resource consumption

d0-06 series cpus

d0-06dd1

d0-06dd2

d0-06dr

d0-06da

d0-06ar

d0-06aa

d0-06dd1-d

d0-06dd2-d

d0-06dr-d

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.1%

JSON

AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;

CNA Affected

[
  {
    "product": "DirectLOGIC D0-06 series CPUs",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DD1",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DD2",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DR",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DA",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06AR",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06AA",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DD1-D",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DD2-D",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DR-D",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-167-03

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.1%

JSON

Related for CVELIST:CVE-2022-2004