{"id": "CVE-2022-2003", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2022-08-31T16:15:10.393", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;"}, {"lang": "es", "value": "AutomationDirect DirectLOGIC es vulnerable a un mensaje serie espec\u00edficamente dise\u00f1ado para el puerto serie de la CPU que causar\u00e1 que el PLC responda con la contrase\u00f1a del PLC en texto sin cifrar. Esto podr\u00eda permitir a un atacante acceder y realizar cambios no autorizados. Este problema afecta a: CPUs de la serie D0-06 de AutomationDirect D0-06DD1 versiones anteriores a 2.72; D0-06DD2 versiones anteriores a 2.72; D0-06DR versiones anteriores a 2.72; D0-06DA versiones anteriores a 2.72; D0-06AR versiones anteriores a 2.72; D0-06AA versiones anteriores a 2.72; D0-06DD1-D versiones anteriores a 2.72; D0-06DD2-D versiones anteriores a 2.72; D0-06DR-D versiones anteriores a 2.72"}], "lastModified": "2024-11-21T07:00:09.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06dd1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AFBA65E-338B-4236-BCA6-FA305930A8F4", "versionEndExcluding": "2.72"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06dd1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F961CF86-3277-4EDB-A5B2-7EB305BACCD6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06dd2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FDFC703-2915-4CF7-97A8-BE4F2007E4F9", "versionEndExcluding": "2.72"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06dd2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E91FF447-5939-4521-915E-517F0E16B0A6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06dr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C2B1AF8-9448-428E-8FF3-D862C66241B0", "versionEndExcluding": "2.72"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06dr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7BEE237B-5775-4610-B431-44E124D880A0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06da_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0567F254-00C6-4B3F-A24A-C5605B9A1A6F", "versionEndExcluding": "2.72"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06da:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "677B72A1-2582-4635-900A-F99192633727"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06ar_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D5F91FD-8F20-4BCF-9F0B-3E3A3029A31A", "versionEndExcluding": "2.72"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06ar:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E373157-8264-49FE-AB64-4C5B46BC7DB5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06aa_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86D28B71-15E7-43F4-90F4-A5CD1081C05F", "versionEndExcluding": "2.72"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "13D409FE-21AA-48B6-83EF-2F5205649538"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06dd1-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5751A9A-844A-48C6-A0DB-9BFE1A5E5285", "versionEndExcluding": "2.72"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06dd1-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9112C3CC-5D82-44AC-8F6D-0F57EE4D6199"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06dd2-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E5DC0D-DF94-4FF0-B831-22288823B80B", "versionEndExcluding": "2.72"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06dd2-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57D5814E-B776-43BF-84F6-17A366350F57"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:automationdirect:d0-06dr-d_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "440477AD-8CCA-4F8E-ADA4-DF6B2C973B2F", "versionEndExcluding": "2.72"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:automationdirect:d0-06dr-d:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B38DA966-2520-44AB-9DC0-680A0F578177"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}
