Free Webinar:

When Ransomware Strikes | The Impact of Ransomware in OT Environments

Skip to main content
Security Advisory

Automation Direct’s DirectLogic 06 PLC, C-More EA9 HMI, and ECOM Ethernet Module

Risk Information

Limited Threat

CVE ID

CVE-2022-2006

CVE-2022-2005

CVE-2022-2004

CVE-2022-2003

Vunerability Type

Uncontrolled Resource Consumption

Cleartext Transmission of Sensitive Information

Uncontrolled Resource Consumption

Insufficiently Protected Credentials

CVSS3 Score

7

7.5

7.5

7.5

CVSSv3 Vector

AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affecting

  • DirectLogic 06 PLCs prior to v2.72
  • ECOM Ethernet module
  • C-More HMI
  • Mitigation

    Update to a patched version, C-More HMI: firmware v6.72 or later. DL 06 PLC: firmware v2.72 or later.

    05/31/2022