PT-2022-3522 · Automationdirect · C-More Ea9 Ea9-T6Cl+8
Sam Hanson
·
Published
2022-06-16
·
Updated
2022-09-06
·
CVE-2022-2006
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
AutomationDirect DirectLOGIC versions prior to 6.73
AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73
AutomationDirect C-more EA9 EA9-T6CL-R versions prior to 6.73
AutomationDirect C-more EA9 EA9-T7CL versions prior to 6.73
AutomationDirect C-more EA9 EA9-T7CL-R versions prior to 6.73
AutomationDirect C-more EA9 EA9-T8CL versions prior to 6.73
AutomationDirect C-more EA9 EA9-T10CL versions prior to 6.73
AutomationDirect C-more EA9 EA9-T10WCL versions prior to 6.73
AutomationDirect C-more EA9 EA9-T12CL versions prior to 6.73
AutomationDirect C-more EA9 EA9-T15CL versions prior to 6.73
AutomationDirect C-more EA9 EA9-RHMI versions prior to 6.73
AutomationDirect C-more EA9 EA9-PGMSW versions prior to 6.73
Description
The issue is related to a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This vulnerability is associated with an uncontrolled search path element, which can be exploited to execute arbitrary code.
Recommendations
For AutomationDirect DirectLOGIC versions prior to 6.73, update to version 6.73 or later.
For AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73, update to version 6.73 or later.
For AutomationDirect C-more EA9 EA9-T6CL-R versions prior to 6.73, update to version 6.73 or later.
For AutomationDirect C-more EA9 EA9-T7CL versions prior to 6.73, update to version 6.73 or later.
For AutomationDirect C-more EA9 EA9-T7CL-R versions prior to 6.73, update to version 6.73 or later.
For AutomationDirect C-more EA9 EA9-T8CL versions prior to 6.73, update to version 6.73 or later.
For AutomationDirect C-more EA9 EA9-T10CL versions prior to 6.73, update to version 6.73 or later.
For AutomationDirect C-more EA9 EA9-T10WCL versions prior to 6.73, update to version 6.73 or later.
For AutomationDirect C-more EA9 EA9-T12CL versions prior to 6.73, update to version 6.73 or later.
For AutomationDirect C-more EA9 EA9-T15CL versions prior to 6.73, update to version 6.73 or later.
For AutomationDirect C-more EA9 EA9-RHMI versions prior to 6.73, update to version 6.73 or later.
For AutomationDirect C-more EA9 EA9-PGMSW versions prior to 6.73, update to version 6.73 or later.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
C-More Ea9 Ea9-Pgmsw
C-More Ea9 Ea9-Rhmi
C-More Ea9 Ea9-T10Cl
C-More Ea9 Ea9-T12Cl
C-More Ea9 Ea9-T15Cl
C-More Ea9 Ea9-T6Cl
C-More Ea9 Ea9-T7Cl
C-More Ea9 Ea9-T8Cl
Directlogic