9 matches found
CVE-2024-45368
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...
CVE-2024-45368
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...
CVE-2024-45368 AutomationDirect DirectLogic H2-DM1E Session Fixation
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...
CVE-2024-45368
CVE-2024-45368 affects AutomationDirect DirectLogic H2-DM1E PLC (versions 2.8.0 and earlier). The vulnerability stems from an authentication protocol that may accept multiple distinct packets as valid responses, enabling potential session hijacking or bypass. Reports cite session fixation and aut...
CVE-2024-45368 AutomationDirect DirectLogic H2-DM1E Session Fixation
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...
CVE-2024-43099 AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay
The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...
CVE-2024-43099 AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay
The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...
AutomationDirect DirectLogic H2-DM1E 安全漏洞
AutomationDirect DirectLogic H2-DM1E is a programmable logic controller from AutomationDirect. A security vulnerability exists in AutomationDirect DirectLogic H2-DM1E version 2.8.0 and prior versions, which stems from the presence of a session hijacking attack that allows an attacker to inject...
AutomationDirect DirectLogic H2-DM1E
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable from an adjacent network/low attack complexity Vendor : AutomationDirect Equipment : DirectLogic H2-DM1E Vulnerabilities : Session Fixation, Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of...