PT-2022-3143 · Automationdirect · Automationdirect Directlogic D0-06 Series Cpus

Sam Hanson · Published 2022-06-16 · Updated 2022-09-06 · CVE-2022-2003

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

AutomationDirect DirectLOGIC D0-06 series CPUs versions prior to 2.72

Description

Sending a specially crafted serial message to the CPU serial port causes the PLC to respond with the PLC password in cleartext. An attacker who obtains the password this way can access the device and make unauthorized changes. This could enable remote attackers to gain unauthorized access to the device.

Recommendations

For AutomationDirect DirectLOGIC D0-06 series CPUs versions prior to 2.72, update to version 2.72 or later to resolve the issue. As a temporary workaround, consider restricting access to the CPU serial port to minimize the risk of exploitation.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

BDU:2022-03822
CVE-2022-2003

Affected Products

Automationdirect Directlogic D0-06 Series Cpus