The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack.
Fixes

Solution

No solution given by the vendor.


Workaround

As part of their ongoing risk assessment, AutomationDirect has determined that the H2-DM1E, due to its age and inherent architectural limitations, can no longer be supported within the secure development lifecycle. To address these challenges, AutomationDirect recommends the following mitigation strategies based on a thorough risk assessment: * Upgrade to the BRX platform: Transitioning to the BRX platform is strongly advised, as it is designed to meet current security standards and is actively maintained within AutomationDirect's secure development lifecycle. * Network segmentation and air gapping: To mitigate risks associated with the H2-DM1E, AutomationDirect recommends implementing network segmentation and air gapping. This strategy will isolate the older technology from the broader network, reducing its exposure to external threats and minimizing the impact of any security vulnerabilities. * Deploy a StrideLinx secure VPN platform: AutomationDirect also recommends placing the system behind a StrideLinx VPN platform. These mitigation strategies provide a comprehensive approach to managing the risks associated with the H2-DM1E while preparing for future security needs. Please reach out to AutomationDirect https://www.automationdirect.com/adc/contactus/contactus  if you have any further questions or require additional details on these recommendations.

History

Fri, 13 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Automationdirect
Automationdirect h2-dm1e Firmware
CPEs cpe:2.3:o:automationdirect:h2-dm1e_firmware:*:*:*:*:*:*:*:*
Vendors & Products Automationdirect
Automationdirect h2-dm1e Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 13 Sep 2024 16:45:00 +0000

Type Values Removed Values Added
Description The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack.
Title AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay
Weaknesses CWE-294
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-09-13T17:43:05.159Z

Reserved: 2024-09-05T16:57:26.882Z

Link: CVE-2024-43099

cve-icon Vulnrichment

Updated: 2024-09-13T17:43:00.896Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-13T17:15:12.527

Modified: 2024-09-14T11:47:14.677

Link: CVE-2024-43099

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.