CVE-2022-2004
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AutomationDirect | DirectLOGIC D0-06 series CPUs | D0-06DD1 < 2.72 | affected |
| AutomationDirect | DirectLOGIC D0-06 series CPUs | D0-06DD2 < 2.72 | affected |
| AutomationDirect | DirectLOGIC D0-06 series CPUs | D0-06DR < 2.72 | affected |
| AutomationDirect | DirectLOGIC D0-06 series CPUs | D0-06DA < 2.72 | affected |
| AutomationDirect | DirectLOGIC D0-06 series CPUs | D0-06AR < 2.72 | affected |
| AutomationDirect | DirectLOGIC D0-06 series CPUs | D0-06AA < 2.72 | affected |
| AutomationDirect | DirectLOGIC D0-06 series CPUs | D0-06DD1-D < 2.72 | affected |
| AutomationDirect | DirectLOGIC D0-06 series CPUs | D0-06DD2-D < 2.72 | affected |
| AutomationDirect | DirectLOGIC D0-06 series CPUs | D0-06DR-D < 2.72 | affected |
Weaknesses
- CWE-400: CWE-400 Uncontrolled Resource Consumption
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.