CVE-2022-2004

Summary

AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;

Affected Software

VendorProductVersion RangeStatus
AutomationDirectDirectLOGIC D0-06 series CPUsD0-06DD1 < 2.72affected
AutomationDirectDirectLOGIC D0-06 series CPUsD0-06DD2 < 2.72affected
AutomationDirectDirectLOGIC D0-06 series CPUsD0-06DR < 2.72affected
AutomationDirectDirectLOGIC D0-06 series CPUsD0-06DA < 2.72affected
AutomationDirectDirectLOGIC D0-06 series CPUsD0-06AR < 2.72affected
AutomationDirectDirectLOGIC D0-06 series CPUsD0-06AA < 2.72affected
AutomationDirectDirectLOGIC D0-06 series CPUsD0-06DD1-D < 2.72affected
AutomationDirectDirectLOGIC D0-06 series CPUsD0-06DD2-D < 2.72affected
AutomationDirectDirectLOGIC D0-06 series CPUsD0-06DR-D < 2.72affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References