Security Advisory

Automation Direct’s DirectLogic 06 PLC, C-More EA9 HMI, and ECOM Ethernet Module

Risk Information

Limited Threat

| CVE ID | Vulnerability Type | CVSS3 Score | CVSSv3 Vector |
| --- | --- | --- | --- |
| CVE-2022-2006 | Uncontrolled Resource Consumption | 7 | AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVE-2022-2005 | Cleartext Transmission of Sensitive Information | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2022-2004 | Uncontrolled Resource Consumption | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2022-2003 | Insufficiently Protected Credentials | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

Affecting

  • DirectLogic 06 PLCs prior to v2.72
  • ECOM Ethernet module
  • C-More HMI

Mitigation

Update to a patched version: C-More HMI firmware v6.72 or later; DL 06 PLC firmware v2.72 or later.

05/31/2022