Design/Logic Flaw

2022-08-3116:15:00

PRIOn knowledge base

www.prio-n.com

logic flaw

automationdirect

directlogic

plc

vulnerability

crafted message

cleartext password

unauthorized access

nvd

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.3%

JSON

AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;

CPENameOperatorVersion
d0-06aa_firmwarelt2.72
d0-06ar_firmwarelt2.72
d0-06da_firmwarelt2.72
d0-06dd1-d_firmwarelt2.72
d0-06dd1_firmwarelt2.72
d0-06dd2-d_firmwarelt2.72
d0-06dd2_firmwarelt2.72
d0-06dr-d_firmwarelt2.72
d0-06dr_firmwarelt2.72

Name	Operator	Version
d0-06aa_firmware	lt	2.72
d0-06ar_firmware	lt	2.72
d0-06da_firmware	lt	2.72
d0-06dd1-d_firmware	lt	2.72
d0-06dd1_firmware	lt	2.72
d0-06dd2-d_firmware	lt	2.72
d0-06dd2_firmware	lt	2.72
d0-06dr-d_firmware	lt	2.72
d0-06dr_firmware	lt	2.72