Description
AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- AutomationDirect / DirectLOGIC D0-06 series CPUsD0-06DD1 – 2.72
- AutomationDirect / DirectLOGIC D0-06 series CPUsD0-06DD2 – 2.72
- AutomationDirect / DirectLOGIC D0-06 series CPUsD0-06DR – 2.72
- AutomationDirect / DirectLOGIC D0-06 series CPUsD0-06DA – 2.72
- AutomationDirect / DirectLOGIC D0-06 series CPUsD0-06AR – 2.72
- AutomationDirect / DirectLOGIC D0-06 series CPUsD0-06AA – 2.72
- AutomationDirect / DirectLOGIC D0-06 series CPUsD0-06DD1-D – 2.72
- AutomationDirect / DirectLOGIC D0-06 series CPUsD0-06DD2-D – 2.72
- AutomationDirect / DirectLOGIC D0-06 series CPUsD0-06DR-D – 2.72
References
- VENDOR_ADVISORYhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03