CVE-2022-2003
CVE-2022-2003 affects AutomationDirect DirectLOGIC D0-06 series CPUs (D0-06DD1/2/DR/DA/AR/AA and variants) with serial communication prior to firmware version 2.72. Root cause: a specially crafted serial message to the CPU serial port causes the PLC to respond with the PLC password in cleartext,...
CVE-2022-2004 AutomationDirect DirectLOGIC with Ethernet Communication Uncontrolled Resource Consumption
AutomationDirect DirectLOGIC is vulnerable to a specially crafted packet that can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to...
CVE-2022-2004
The CVE-2022-2004 issue affects AutomationDirect DirectLOGIC D0-06 series CPUs (including D0-06DD1/2/DR/DA/AR/AA and related D0-06DD1-D/D- variants) prior to firmware version 2.72. A specially crafted network packet can exhaust resources in Ethernet modules (H0-ECOM/H0-ECOM100 and related hardwar...
CVE-2022-2005
AutomationDirect C-more EA9 HMI contains a vulnerability in its HTTP webserver that transmits credentials in an insecure, cleartext-like mechanism. Affected products include EA9-T6CL/6CL-R, T7CL/7CL-R, T8CL, T10CL/T10WCL, T12CL, T15CL/T15CL-R, RHMI, PGMSW prior to firmware 6.73. Exploitation coul...
CVE-2022-2005 AutomationDirect C-more EA9 HMI Cleartext Transmission
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73;...
CVE-2022-2006
CVE-2022-2006 affects AutomationDirect C-more EA9 family (EA9-T6CL/EA9-T6CL-R/EA9-T7CL/EA9-T7CL-R/EA9-T8CL/EA9-T10CL/EA9-T10WCL/EA9-T12CL/EA9-T15CL/EA9-T15CL-R/EA9-RHMI/EA9-PGMSW) and DirectLOGIC prior to firmware 6.73. Root cause: DLL vulnerability in the install directory with an uncontrolled s...
CVE-2022-2006 AutomationDirect C-more EA9 HMI Uncontrolled Search Path Element
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to...
PT-2022-16924 · Automationdirect · Automationdirect Stride Field I/O
Name of the Vulnerable Software and Affected Versions: AutomationDirect Stride Field I/O (affected versions not specified). Description: The issue allows any attempt to log into the device with a web browser to potentially receive the device's password in the communication packets. Recommendations: ...
Security vulnerabilities in multiple AutomationDirect products
AutomationDirect C-more EA9 HMI and so on are products of AutomationDirect, Inc. AutomationDirect C-more EA9 HMI is a series of touch screen panels. AutomationDirect DirectLOGIC is a programmable logic controller. AutomationDirect SIO-MB04RTDS is a programmable logic controller. A security vulnerability exists...
AutomationDirect Stride Field I/O
1. EXECUTIVE SUMMARY: CVSS v3 9.6. ATTENTION: Exploitable remotely/low attack complexity. Vendor: AutomationDirect. Equipment: Stride Field I/O. Vulnerability: Cleartext Transmission of Sensitive Information. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to...
VulnCheck KEV: CVE-2022-2003
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect...
The vulnerability of the DLL library of the Microprogramming Software for Sensor Panels from AutomationDirect C-More series EA9 HMI allows a hacker to execute arbitrary code during the installation process.
The vulnerability of the DLL library of C-More sensor panel microprogramming systems series EA9 HMI is related to an uncontrolled search path element. Exploiting this vulnerability could allow an attacker to execute arbitrary code during the installation process...
The vulnerability in the HTTP server of the microprogramming software for AutomationDirect C-More series of touchscreen HMI devices allows a hacker to disclose protected information.
The vulnerability of the HTTP server of the C-More EA9 HMI series of touchscreen software solutions is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information that is protected by the system...
AutomationDirect DirectLOGIC security vulnerability
AutomationDirect DirectLOGIC is a programmable logic controller from AutomationDirect, Inc. A security vulnerability in AutomationDirect DirectLOGIC, which can be exploited by an attacker to cause loss of sensitive device information, unauthorized changes, and denial of service conditions, affect...
AutomationDirect C-more EA9 HMI code issue vulnerability
AutomationDirect DirectLOGIC is a programmable logic controller from AutomationDirect, Inc. A code issue vulnerability exists in the AutomationDirect C-more EA9 HMI that stems from a security issue in the installation directory that could allow an attacker to execute code during installation and...
PT-2022-3487 · Automationdirect · C-More Ea9
Name of the Vulnerable Software and Affected Versions: AutomationDirect C-more EA9 versions prior to 6.73. Description: The issue is related to the insecure mechanism used by the AutomationDirect C-more EA9 HTTP webserver to transport credentials from the client to the web server. This may allow a...
PT-2022-3044 · Automationdirect · H0-Ecom +3
Name of the Vulnerable Software and Affected Versions: AutomationDirect DirectLOGIC D0-06 series CPUs versions prior to 2.72. Description: The issue is related to an uncontrolled resource consumption in the communication modules H0-ECOM and H0-ECOM100 Ethernet controllers of DirectLOGIC. An attack...