{"containers": {"cna": {"affected": [{"product": "DirectLOGIC D0-06 series CPUs", "vendor": "AutomationDirect", "versions": [{"lessThan": "2.72", "status": "affected", "version": "D0-06DD1", "versionType": "custom"}, {"lessThan": "2.72", "status": "affected", "version": "D0-06DD2", "versionType": "custom"}, {"lessThan": "2.72", "status": "affected", "version": "D0-06DR", "versionType": "custom"}, {"lessThan": "2.72", "status": "affected", "version": "D0-06DA", "versionType": "custom"}, {"lessThan": "2.72", "status": "affected", "version": "D0-06AR", "versionType": "custom"}, {"lessThan": "2.72", "status": "affected", "version": "D0-06AA", "versionType": "custom"}, {"lessThan": "2.72", "status": "affected", "version": "D0-06DD1-D", "versionType": "custom"}, {"lessThan": "2.72", "status": "affected", "version": "D0-06DD2-D", "versionType": "custom"}, {"lessThan": "2.72", "status": "affected", "version": "D0-06DR-D", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Sam Hanson of Dragos reported this vulnerability to CISA."}], "datePublic": "2022-06-16T00:00:00", "descriptions": [{"lang": "en", "value": "AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-31T15:59:33", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03"}], "solutions": [{"lang": "en", "value": "AutomationDirect recommends users upgrade to firmware Version 2.72 or later, which will no longer respond with the password when requested with the specially crafted message.\n\nAdditional mitigation for brute force password access has also been added. Three incorrect password entries will result in a 3-hour lock out of password entry. Power cycle will allow subsequent password attempts.\n\nWhile automation networks and systems have built-in password protection schemes, this is only one step in securing the affected systems. Automation control system networks must incorporate data protection and security measures at least as robust as a typical business computer system. AutomationDirect recommends users of PLCs, HMI products, and other SCADA system products perform independent network security analysis to determine the proper level of security required for the application.\n\nAutomationDirect has identified the specific mitigation actions listed below:\n\nSecure physical access.\nIsolate and air gap networks when possible.\nConsider some of the AutomationDirect newer PLC families."}], "source": {"discovery": "UNKNOWN"}, "title": "AutomationDirect DirectLOGIC with Serial Communication Cleartext Transmission", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-06-16T17:00:00.000Z", "ID": "CVE-2022-2003", "STATE": "PUBLIC", "TITLE": "AutomationDirect DirectLOGIC with Serial Communication Cleartext Transmission"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DirectLOGIC D0-06 series CPUs", "version": {"version_data": [{"version_affected": "<", "version_name": "D0-06DD1", "version_value": "2.72"}, {"version_affected": "<", "version_name": "D0-06DD2", "version_value": "2.72"}, {"version_affected": "<", "version_name": "D0-06DR", "version_value": "2.72"}, {"version_affected": "<", "version_name": "D0-06DA", "version_value": "2.72"}, {"version_affected": "<", "version_name": "D0-06AR", "version_value": "2.72"}, {"version_affected": "<", "version_name": "D0-06AA", "version_value": "2.72"}, {"version_affected": "<", "version_name": "D0-06DD1-D", "version_value": "2.72"}, {"version_affected": "<", "version_name": "D0-06DD2-D", "version_value": "2.72"}, {"version_affected": "<", "version_name": "D0-06DR-D", "version_value": "2.72"}]}}]}, "vendor_name": "AutomationDirect"}]}}, "credit": [{"lang": "eng", "value": "Sam Hanson of Dragos reported this vulnerability to CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-319 Cleartext Transmission of Sensitive Information"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02"}, {"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03"}]}, "solution": [{"lang": "en", "value": "AutomationDirect recommends users upgrade to firmware Version 2.72 or later, which will no longer respond with the password when requested with the specially crafted message.\n\nAdditional mitigation for brute force password access has also been added. Three incorrect password entries will result in a 3-hour lock out of password entry. Power cycle will allow subsequent password attempts.\n\nWhile automation networks and systems have built-in password protection schemes, this is only one step in securing the affected systems. Automation control system networks must incorporate data protection and security measures at least as robust as a typical business computer system. AutomationDirect recommends users of PLCs, HMI products, and other SCADA system products perform independent network security analysis to determine the proper level of security required for the application.\n\nAutomationDirect has identified the specific mitigation actions listed below:\n\nSecure physical access.\nIsolate and air gap networks when possible.\nConsider some of the AutomationDirect newer PLC families."}], "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:24:44.055Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2003", "datePublished": "2022-08-31T15:59:33.369773Z", "dateReserved": "2022-06-06T00:00:00", "dateUpdated": "2024-09-17T00:56:08.155Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06dd1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AFBA65E-338B-4236-BCA6-FA305930A8F4", "versionEndExcluding": "2.72", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06dd1:-:*:*:*:*:*:*:*", "matchCriteriaId": "F961CF86-3277-4EDB-A5B2-7EB305BACCD6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06dd2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FDFC703-2915-4CF7-97A8-BE4F2007E4F9", "versionEndExcluding": "2.72", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06dd2:-:*:*:*:*:*:*:*", "matchCriteriaId": "E91FF447-5939-4521-915E-517F0E16B0A6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06dr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C2B1AF8-9448-428E-8FF3-D862C66241B0", "versionEndExcluding": "2.72", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06dr:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BEE237B-5775-4610-B431-44E124D880A0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06da_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0567F254-00C6-4B3F-A24A-C5605B9A1A6F", "versionEndExcluding": "2.72", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06da:-:*:*:*:*:*:*:*", "matchCriteriaId": "677B72A1-2582-4635-900A-F99192633727", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06ar_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D5F91FD-8F20-4BCF-9F0B-3E3A3029A31A", "versionEndExcluding": "2.72", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06ar:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E373157-8264-49FE-AB64-4C5B46BC7DB5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06aa_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "86D28B71-15E7-43F4-90F4-A5CD1081C05F", "versionEndExcluding": "2.72", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06aa:-:*:*:*:*:*:*:*", "matchCriteriaId": "13D409FE-21AA-48B6-83EF-2F5205649538", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06dd1-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5751A9A-844A-48C6-A0DB-9BFE1A5E5285", "versionEndExcluding": "2.72", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06dd1-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "9112C3CC-5D82-44AC-8F6D-0F57EE4D6199", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06dd2-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1E5DC0D-DF94-4FF0-B831-22288823B80B", "versionEndExcluding": "2.72", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06dd2-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "57D5814E-B776-43BF-84F6-17A366350F57", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06dr-d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "440477AD-8CCA-4F8E-ADA4-DF6B2C973B2F", "versionEndExcluding": "2.72", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06dr-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "B38DA966-2520-44AB-9DC0-680A0F578177", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;"}, {"lang": "es", "value": "AutomationDirect DirectLOGIC es vulnerable a un mensaje serie espec\u00edficamente dise\u00f1ado para el puerto serie de la CPU que causar\u00e1 que el PLC responda con la contrase\u00f1a del PLC en texto sin cifrar. Esto podr\u00eda permitir a un atacante acceder y realizar cambios no autorizados. Este problema afecta a: CPUs de la serie D0-06 de AutomationDirect D0-06DD1 versiones anteriores a 2.72; D0-06DD2 versiones anteriores a 2.72; D0-06DR versiones anteriores a 2.72; D0-06DA versiones anteriores a 2.72; D0-06AR versiones anteriores a 2.72; D0-06AA versiones anteriores a 2.72; D0-06DD1-D versiones anteriores a 2.72; D0-06DD2-D versiones anteriores a 2.72; D0-06DR-D versiones anteriores a 2.72"}], "id": "CVE-2022-2003", "lastModified": "2024-11-21T07:00:09.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-31T16:15:10.393", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}