Filtered by vendor Automationdirect
Subscriptions
Filtered by product H2-dm1e Firmware
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-43099 | 1 Automationdirect | 1 H2-dm1e Firmware | 2024-09-14 | 8.8 High |
The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack. | ||||
CVE-2024-45368 | 1 Automationdirect | 1 H2-dm1e Firmware | 2024-09-14 | 8.8 High |
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behavior deviates from standard security practices where a single, specific response or encoding pattern is expected for successful authentication. |
Page 1 of 1.