CVE-2022-2006
AutomationDirect C-more EA9 HMI Uncontrolled Search Path Element
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73;
AutomationDirect DirectLOGIC presenta una vulnerabilidad de DLL en el directorio de instalación que puede permitir a un atacante ejecutar código durante el proceso de instalación. Este problema afecta a: AutomationDirect C-more EA9 EA9-T6CL versiones anteriores a 6.73; EA9-T6CL-R versiones anteriores a 6.73; EA9-T7CL versiones anteriores a 6.73; EA9-T7CL-R versiones anteriores a 6.73; EA9-T8CL versiones anteriores a 6. 73; EA9-T10CL versiones anteriores a 6.73; EA9-T10WCL versiones anteriores a 6.73; EA9-T12CL versiones anteriores a 6.73; EA9-T15CL versiones anteriores a 6.73; EA9-RHMI versiones anteriores a 6.73; EA9-PGMSW versiones anteriores a 6.73;
*Credits:
Sam Hanson of Dragos reported this vulnerability to CISA.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-06-06 CVE Reserved
- 2022-08-31 CVE Published
- 2024-09-17 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-01 | 2022-09-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Automationdirect Search vendor "Automationdirect" | C-more Ea9-t6cl Firmware Search vendor "Automationdirect" for product "C-more Ea9-t6cl Firmware" | < 6.73 Search vendor "Automationdirect" for product "C-more Ea9-t6cl Firmware" and version " < 6.73" | - |
Affected
| in | Automationdirect Search vendor "Automationdirect" | C-more Ea9-t6cl Search vendor "Automationdirect" for product "C-more Ea9-t6cl" | - | - |
Safe
|
| Automationdirect Search vendor "Automationdirect" | C-more Ea9-t6cl-r Firmware Search vendor "Automationdirect" for product "C-more Ea9-t6cl-r Firmware" | < 6.73 Search vendor "Automationdirect" for product "C-more Ea9-t6cl-r Firmware" and version " < 6.73" | - |
Affected
| in | Automationdirect Search vendor "Automationdirect" | C-more Ea9-t6cl-r Search vendor "Automationdirect" for product "C-more Ea9-t6cl-r" | - | - |
Safe
|
| Automationdirect Search vendor "Automationdirect" | C-more Ea9-t7cl Firmware Search vendor "Automationdirect" for product "C-more Ea9-t7cl Firmware" | < 6.73 Search vendor "Automationdirect" for product "C-more Ea9-t7cl Firmware" and version " < 6.73" | - |
Affected
| in | Automationdirect Search vendor "Automationdirect" | C-more Ea9-t7cl Search vendor "Automationdirect" for product "C-more Ea9-t7cl" | - | - |
Safe
|
| Automationdirect Search vendor "Automationdirect" | C-more Ea9-t7cl-r Firmware Search vendor "Automationdirect" for product "C-more Ea9-t7cl-r Firmware" | < 6.73 Search vendor "Automationdirect" for product "C-more Ea9-t7cl-r Firmware" and version " < 6.73" | - |
Affected
| in | Automationdirect Search vendor "Automationdirect" | C-more Ea9-t7cl-r Search vendor "Automationdirect" for product "C-more Ea9-t7cl-r" | - | - |
Safe
|
| Automationdirect Search vendor "Automationdirect" | C-more Ea9-t8cl Firmware Search vendor "Automationdirect" for product "C-more Ea9-t8cl Firmware" | < 6.73 Search vendor "Automationdirect" for product "C-more Ea9-t8cl Firmware" and version " < 6.73" | - |
Affected
| in | Automationdirect Search vendor "Automationdirect" | C-more Ea9-t8cl Search vendor "Automationdirect" for product "C-more Ea9-t8cl" | - | - |
Safe
|
| Automationdirect Search vendor "Automationdirect" | C-more Ea9-t10cl Firmware Search vendor "Automationdirect" for product "C-more Ea9-t10cl Firmware" | < 6.73 Search vendor "Automationdirect" for product "C-more Ea9-t10cl Firmware" and version " < 6.73" | - |
Affected
| in | Automationdirect Search vendor "Automationdirect" | C-more Ea9-t10cl Search vendor "Automationdirect" for product "C-more Ea9-t10cl" | - | - |
Safe
|
| Automationdirect Search vendor "Automationdirect" | C-more Ea9-t10wcl Firmware Search vendor "Automationdirect" for product "C-more Ea9-t10wcl Firmware" | < 6.73 Search vendor "Automationdirect" for product "C-more Ea9-t10wcl Firmware" and version " < 6.73" | - |
Affected
| in | Automationdirect Search vendor "Automationdirect" | C-more Ea9-t10wcl Search vendor "Automationdirect" for product "C-more Ea9-t10wcl" | - | - |
Safe
|
| Automationdirect Search vendor "Automationdirect" | C-more Ea9-t12cl Firmware Search vendor "Automationdirect" for product "C-more Ea9-t12cl Firmware" | < 6.73 Search vendor "Automationdirect" for product "C-more Ea9-t12cl Firmware" and version " < 6.73" | - |
Affected
| in | Automationdirect Search vendor "Automationdirect" | C-more Ea9-t12cl Search vendor "Automationdirect" for product "C-more Ea9-t12cl" | - | - |
Safe
|
| Automationdirect Search vendor "Automationdirect" | C-more Ea9-t15cl Firmware Search vendor "Automationdirect" for product "C-more Ea9-t15cl Firmware" | < 6.73 Search vendor "Automationdirect" for product "C-more Ea9-t15cl Firmware" and version " < 6.73" | - |
Affected
| in | Automationdirect Search vendor "Automationdirect" | C-more Ea9-t15cl Search vendor "Automationdirect" for product "C-more Ea9-t15cl" | - | - |
Safe
|
| Automationdirect Search vendor "Automationdirect" | C-more Ea9-t15cl-r Firmware Search vendor "Automationdirect" for product "C-more Ea9-t15cl-r Firmware" | < 6.73 Search vendor "Automationdirect" for product "C-more Ea9-t15cl-r Firmware" and version " < 6.73" | - |
Affected
| in | Automationdirect Search vendor "Automationdirect" | C-more Ea9-t15cl-r Search vendor "Automationdirect" for product "C-more Ea9-t15cl-r" | - | - |
Safe
|
| Automationdirect Search vendor "Automationdirect" | C-more Ea9-rhmi Firmware Search vendor "Automationdirect" for product "C-more Ea9-rhmi Firmware" | < 6.73 Search vendor "Automationdirect" for product "C-more Ea9-rhmi Firmware" and version " < 6.73" | - |
Affected
| in | Automationdirect Search vendor "Automationdirect" | C-more Ea9-rhmi Search vendor "Automationdirect" for product "C-more Ea9-rhmi" | - | - |
Safe
|
| Automationdirect Search vendor "Automationdirect" | C-more Ea9-pgmsw Firmware Search vendor "Automationdirect" for product "C-more Ea9-pgmsw Firmware" | < 6.73 Search vendor "Automationdirect" for product "C-more Ea9-pgmsw Firmware" and version " < 6.73" | - |
Affected
| in | Automationdirect Search vendor "Automationdirect" | C-more Ea9-pgmsw Search vendor "Automationdirect" for product "C-more Ea9-pgmsw" | - | - |
Safe
|