CVE-2022-2003

AutomationDirect DirectLOGIC with Serial Communication Cleartext Transmission

Description

AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;

Remediation

Solution:

AutomationDirect recommends users upgrade to firmware Version 2.72 or later, which will no longer respond with the password when requested with the specially crafted message. Additional mitigation for brute force password access has also been added. Three incorrect password entries will result in a 3-hour lock out of password entry. Power cycle will allow subsequent password attempts. While automation networks and systems have built-in password protection schemes, this is only one step in securing the affected systems. Automation control system networks must incorporate data protection and security measures at least as robust as a typical business computer system. AutomationDirect recommends users of PLCs, HMI products, and other SCADA system products perform independent network security analysis to determine the proper level of security required for the application. AutomationDirect has identified the specific mitigation actions listed below: Secure physical access. Isolate and air gap networks when possible. Consider some of the AutomationDirect newer PLC families.

References

Link	Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02	us government resource third party advisory patch
https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03	us government resource third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2022-2003?: CVE-2022-2003 has been scored as a high severity vulnerability.
How to fix CVE-2022-2003?: To fix CVE-2022-2003: AutomationDirect recommends users upgrade to firmware Version 2.72 or later, which will no longer respond with the password when requested with the specially crafted message. Additional mitigation for brute force password access has also been added. Three incorrect password entries will result in a 3-hour lock out of password entry. Power cycle will allow subsequent password attempts. While automation networks and systems have built-in password protection schemes, this is only one step in securing the affected systems. Automation control system networks must incorporate data protection and security measures at least as robust as a typical business computer system. AutomationDirect recommends users of PLCs, HMI products, and other SCADA system products perform independent network security analysis to determine the proper level of security required for the application. AutomationDirect has identified the specific mitigation actions listed below: Secure physical access. Isolate and air gap networks when possible. Consider some of the AutomationDirect newer PLC families.
Is CVE-2022-2003 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-2003 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-2003?: CVE-2022-2003 affects AutomationDirect DirectLOGIC D0-06 series CPUs.

Description

Remediation

Category

CWE-319 – Cleartext Transmission of Sensitive Information

References

Frequently Asked Questions