Lucene search

IcscertCVELIST:CVE-2022-2004

HistoryJun 16, 2022 - 12:00 a.m.

CVE-2022-2004 AutomationDirect DirectLOGIC with Ethernet Communication Uncontrolled Resource Consumption

2022-06-1600:00:00

CWE-400

icscert

www.cve.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

30.1%

JSON

AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;

CNA Affected

[
  {
    "product": "DirectLOGIC D0-06 series CPUs",
    "vendor": "AutomationDirect",
    "versions": [
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DD1",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DD2",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DR",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DA",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06AR",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06AA",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DD1-D",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DD2-D",
        "versionType": "custom"
      },
      {
        "lessThan": "2.72",
        "status": "affected",
        "version": "D0-06DR-D",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-167-03

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

30.1%

JSON

Related for CVELIST:CVE-2022-2004