7.5
CVE-2022-2004
- EPSS 0.13%
- Veröffentlicht 31.08.2022 16:15:10
- Zuletzt bearbeitet 21.11.2024 07:00:09
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginAutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Automationdirect ≫ D0-06dd1 Firmware Version < 2.72
Automationdirect ≫ D0-06dd2 Firmware Version < 2.72
Automationdirect ≫ D0-06dr Firmware Version < 2.72
Automationdirect ≫ D0-06da Firmware Version < 2.72
Automationdirect ≫ D0-06ar Firmware Version < 2.72
Automationdirect ≫ D0-06aa Firmware Version < 2.72
Automationdirect ≫ D0-06dd1-d Firmware Version < 2.72
Automationdirect ≫ D0-06dd2-d Firmware Version < 2.72
Automationdirect ≫ D0-06dr-d Firmware Version < 2.72
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.332 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| ics-cert@hq.dhs.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.