CVE-2024-45368 AutomationDirect DirectLogic H2-DM1E Session Fixation

The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...

CVE-2024-43099 AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...

CVE-2024-43099 AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...

AutomationDirect DirectLogic H2-DM1E 安全漏洞

AutomationDirect DirectLogic H2-DM1E is a programmable logic controller from AutomationDirect. A security vulnerability exists in AutomationDirect DirectLogic H2-DM1E version 2.8.0 and prior versions, which stems from the presence of a session hijacking attack that allows an attacker to inject...

AutomationDirect DirectLogic H2-DM1E

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable from an adjacent network/low attack complexity Vendor : AutomationDirect Equipment : DirectLogic H2-DM1E Vulnerabilities : Session Fixation, Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of...