CVE-2022-2003

AutomationDirect DirectLOGIC with Serial Communication Cleartext Transmission

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;

AutomationDirect DirectLOGIC es vulnerable a un mensaje serie específicamente diseñado para el puerto serie de la CPU que causará que el PLC responda con la contraseña del PLC en texto sin cifrar. Esto podría permitir a un atacante acceder y realizar cambios no autorizados. Este problema afecta a: CPUs de la serie D0-06 de AutomationDirect D0-06DD1 versiones anteriores a 2.72; D0-06DD2 versiones anteriores a 2.72; D0-06DR versiones anteriores a 2.72; D0-06DA versiones anteriores a 2.72; D0-06AR versiones anteriores a 2.72; D0-06AA versiones anteriores a 2.72; D0-06DD1-D versiones anteriores a 2.72; D0-06DD2-D versiones anteriores a 2.72; D0-06DR-D versiones anteriores a 2.72

*Credits: Sam Hanson of Dragos reported this vulnerability to CISA.

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-06-06 CVE Reserved
2022-08-31 CVE Published
2024-02-08 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-319: Cleartext Transmission of Sensitive Information

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02	2022-09-06
https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03	2022-09-06

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Automationdirect Search vendor "Automationdirect"	D0-06dd1 Firmware Search vendor "Automationdirect" for product "D0-06dd1 Firmware"	< 2.72 Search vendor "Automationdirect" for product "D0-06dd1 Firmware" and version " < 2.72"	-	Affected	in	Automationdirect Search vendor "Automationdirect"	D0-06dd1 Search vendor "Automationdirect" for product "D0-06dd1"	-	-	Safe
Automationdirect Search vendor "Automationdirect"	D0-06dd2 Firmware Search vendor "Automationdirect" for product "D0-06dd2 Firmware"	< 2.72 Search vendor "Automationdirect" for product "D0-06dd2 Firmware" and version " < 2.72"	-	Affected	in	Automationdirect Search vendor "Automationdirect"	D0-06dd2 Search vendor "Automationdirect" for product "D0-06dd2"	-	-	Safe
Automationdirect Search vendor "Automationdirect"	D0-06dr Firmware Search vendor "Automationdirect" for product "D0-06dr Firmware"	< 2.72 Search vendor "Automationdirect" for product "D0-06dr Firmware" and version " < 2.72"	-	Affected	in	Automationdirect Search vendor "Automationdirect"	D0-06dr Search vendor "Automationdirect" for product "D0-06dr"	-	-	Safe
Automationdirect Search vendor "Automationdirect"	D0-06da Firmware Search vendor "Automationdirect" for product "D0-06da Firmware"	< 2.72 Search vendor "Automationdirect" for product "D0-06da Firmware" and version " < 2.72"	-	Affected	in	Automationdirect Search vendor "Automationdirect"	D0-06da Search vendor "Automationdirect" for product "D0-06da"	-	-	Safe
Automationdirect Search vendor "Automationdirect"	D0-06ar Firmware Search vendor "Automationdirect" for product "D0-06ar Firmware"	< 2.72 Search vendor "Automationdirect" for product "D0-06ar Firmware" and version " < 2.72"	-	Affected	in	Automationdirect Search vendor "Automationdirect"	D0-06ar Search vendor "Automationdirect" for product "D0-06ar"	-	-	Safe
Automationdirect Search vendor "Automationdirect"	D0-06aa Firmware Search vendor "Automationdirect" for product "D0-06aa Firmware"	< 2.72 Search vendor "Automationdirect" for product "D0-06aa Firmware" and version " < 2.72"	-	Affected	in	Automationdirect Search vendor "Automationdirect"	D0-06aa Search vendor "Automationdirect" for product "D0-06aa"	-	-	Safe
Automationdirect Search vendor "Automationdirect"	D0-06dd1-d Firmware Search vendor "Automationdirect" for product "D0-06dd1-d Firmware"	< 2.72 Search vendor "Automationdirect" for product "D0-06dd1-d Firmware" and version " < 2.72"	-	Affected	in	Automationdirect Search vendor "Automationdirect"	D0-06dd1-d Search vendor "Automationdirect" for product "D0-06dd1-d"	-	-	Safe
Automationdirect Search vendor "Automationdirect"	D0-06dd2-d Firmware Search vendor "Automationdirect" for product "D0-06dd2-d Firmware"	< 2.72 Search vendor "Automationdirect" for product "D0-06dd2-d Firmware" and version " < 2.72"	-	Affected	in	Automationdirect Search vendor "Automationdirect"	D0-06dd2-d Search vendor "Automationdirect" for product "D0-06dd2-d"	-	-	Safe
Automationdirect Search vendor "Automationdirect"	D0-06dr-d Firmware Search vendor "Automationdirect" for product "D0-06dr-d Firmware"	< 2.72 Search vendor "Automationdirect" for product "D0-06dr-d Firmware" and version " < 2.72"	-	Affected	in	Automationdirect Search vendor "Automationdirect"	D0-06dr-d Search vendor "Automationdirect" for product "D0-06dr-d"	-	-	Safe