Discover the impact of CVE-2022-2003 on AutomationDirect DirectLOGIC systems. Learn about the vulnerability, affected versions, mitigation steps, and preventive measures to enhance system security.
AutomationDirect DirectLOGIC is vulnerable to a specially crafted serial message sent to the CPU serial port that exposes the PLC password in cleartext, potentially allowing unauthorized access and changes. This impacts various versions of the DirectLOGIC D0-06 series CPUs. The vulnerability was reported to CISA by Sam Hanson of Dragos.
Understanding CVE-2022-2003
This section provides insights into the vulnerability's nature and potential impact on affected systems.
What is CVE-2022-2003?
AutomationDirect DirectLOGIC is susceptible to an attack where a specially crafted serial message can reveal the PLC password in cleartext, compromising system security.
The Impact of CVE-2022-2003
The vulnerability is rated high severity, with a CVSS base score of 7.7. Attackers exploiting this issue could gain unauthorized access and manipulate affected systems.
Technical Details of CVE-2022-2003
Delve deeper into the technical aspects of the vulnerability to understand its specifics.
Vulnerability Description
The flaw allows malicious actors to extract the PLC password by sending a particular serial message to the CPU serial port, potentially leading to unauthorized system alterations.
Affected Systems and Versions
The vulnerability affects AutomationDirect DirectLOGIC D0-06 series CPUs running firmware versions prior to 2.72, including the D0-06DD1, D0-06DD2, D0-06DR, D0-06DA, D0-06AR, D0-06AA, D0-06DD1-D, D0-06DD2-D, and D0-06DR-D.
Exploitation Mechanism
Attackers exploit the flaw by sending a crafted serial message to the CPU serial port, triggering the PLC to disclose the password in plaintext.
Mitigation and Prevention
Explore strategies to mitigate the vulnerability and protect affected systems.
Immediate Steps to Take
AutomationDirect recommends upgrading to firmware Version 2.72 or later to prevent the password disclosure. Additional mitigation measures include a lockout after three incorrect password entries.
Long-Term Security Practices
For enhanced security, secure physical access to devices, isolate networks, and consider newer PLC families. Conduct network security assessments to determine suitable security measures.
Patching and Updates
AutomationDirect suggests adopting firmware Version 2.72 or newer and implementing additional security measures to safeguard against potential threats.
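To find which units still need the upgrade, the affected-model list and the 2.72 threshold above can be checked against an asset inventory. The following is an added example, not code from AutomationDirect or CISA; the CSV column names (`asset_id`, `model`, `firmware`), the sample rows, and the numeric per-component version comparison are assumptions.

```python
import csv

# Affected CPU models and the fixed firmware version, as listed in the advisory text.
AFFECTED_MODELS = {
    "D0-06DD1", "D0-06DD2", "D0-06DR", "D0-06DA", "D0-06AR",
    "D0-06AA", "D0-06DD1-D", "D0-06DD2-D", "D0-06DR-D",
}
FIXED_VERSION = (2, 72)


def parse_version(text):
    """Parse 'v2.72' or '2.72' into a tuple of ints; None if unparseable."""
    # Assumption: components compare numerically, so 2.8 sorts below 2.72.
    cleaned = text.strip().lower().lstrip("v")
    parts = cleaned.split(".")
    if not cleaned or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(model, firmware):
    """Return 'not_applicable', 'vulnerable', 'patched' or 'unknown' for one asset."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not_applicable"
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # missing or garbled firmware field: verify on the device
    return "vulnerable" if version < FIXED_VERSION else "patched"


def audit(csv_text):
    """Map asset_id -> status for a CSV with asset_id,model,firmware columns."""
    reader = csv.DictReader(csv_text.splitlines())
    return {row["asset_id"]: classify(row["model"], row["firmware"]) for row in reader}


# Constructed sample inventory (not real assets).
SAMPLE_INVENTORY = """asset_id,model,firmware
plc-01,D0-06DD1,2.60
plc-02,d0-06dr-d,v2.72
plc-03,D0-06AA,
plc-04,D0-05DR,1.10
plc-05,D0-06DA,2.8
"""

if __name__ == "__main__":
    for asset, status in audit(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}")
```

Rows reported as `unknown` have no usable firmware field and should be confirmed on the device rather than assumed patched.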