9.1
CVE-2022-2003
- EPSS 0.14%
- Veröffentlicht 31.08.2022 16:15:10
- Zuletzt bearbeitet 21.11.2024 07:00:09
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginAutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Automationdirect ≫ D0-06dd1 Firmware Version < 2.72
Automationdirect ≫ D0-06dd2 Firmware Version < 2.72
Automationdirect ≫ D0-06dr Firmware Version < 2.72
Automationdirect ≫ D0-06da Firmware Version < 2.72
Automationdirect ≫ D0-06ar Firmware Version < 2.72
Automationdirect ≫ D0-06aa Firmware Version < 2.72
Automationdirect ≫ D0-06dd1-d Firmware Version < 2.72
Automationdirect ≫ D0-06dd2-d Firmware Version < 2.72
Automationdirect ≫ D0-06dr-d Firmware Version < 2.72
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.342 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| ics-cert@hq.dhs.gov | 7.7 | 2.5 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.