Skip to main content
Security Advisory

Automation Direct’s DirectLogic 06 PLC, C-More EA9 HMI, and ECOM Ethernet Module

DirectLogic 06 PLCs prior to v2.72, ECOM Ethernet module:

  • H0-ECOM
  • H0-ECOM100
  • C-More HMI
  • EA9-T6CL
  • EA9-T6CL-R
  • EA9-T7CL
  • EA9-T7CL-R
  • EA9-T8CL
  • EA9-T10CL
  • EA9-T10WCL
  • EA9-T12CL
  • EA9-T15CL
  • EA9-T15CL-R
  • EA9-RHMI
  • EA9-PGMSW
C-More HMI programming software: prior to v6.72

Risk Information

affected product:

DirectLogic 06 PLCs prior to v2.72, ECOM Ethernet module, H0-ECOM, H0-ECOM100, C-More HMI, EA9-T6CL,, EA9-T6CL-R, EA9-T7CL, EA9-T7CL-R, EA9-T8CL, EA9-T10CL, EA9-T10WCL, EA9-T12CL, EA9-T15CL, EA9-T15CL-R, EA9-RHMI, EA9-PGMSW, C-More HMI programming software: prior to v6.72

Limited Threat

CVE ID

CVE-2022-2006

CVE-2022-2005

CVE-2022-2004

CVE-2022-2003

CVE-2022-2006

CVE-2022-2005

CVE-2022-2004

CVE-2022-2003

CVE-2022-2006

CVE-2022-2005

CVE-2022-2004

CVE-2022-2003

CVE-2022-2006

CVE-2022-2005

CVE-2022-2004

CVE-2022-2003

CVE-2022-2004

CVE-2022-2003

ID

CVE-2022-2006

Source

Dragos

Skill Level

N/A

CVSSV3 BASE / TEMPORAL SCORE

N/A

CVSSV3 vector

N/A

Affecting

  • DirectLogic 06 PLCs prior to v2.72, ECOM Ethernet module, H0-ECOM, H0-ECOM100, C-More HMI, EA9-T6CL,, EA9-T6CL-R, EA9-T7CL, EA9-T7CL-R, EA9-T8CL, EA9-T10CL, EA9-T10WCL, EA9-T12CL, EA9-T15CL, EA9-T15CL-R, EA9-RHMI, EA9-PGMSW, C-More HMI programming software: prior to v6.72
  • Vulnerability Type

    DLL Hijacking

    Insufficiently Protected Credentials

    Cleartext Transmission of Sensitive Information

    Uncontrolled Search Path Element

    PLC Password Cracking Malware

    PLC Password Cracking Malware

    PLC Password Cracking Malware

    PLC Password Cracking Malware

    PLC Password Cracking Malware

    PLC Password Cracking Malware

    PLC Password Cracking Malware

    PLC Password Cracking Malware

    PLC Password Cracking Malware

    PLC Password Cracking Malware

    PLC Password Cracking Malware

    PLC Password Cracking Malware

    PLC Password Cracking Malware

    PLC Password Cracking Malware

    Disclosure Timeline

    05/31/2022 - Dragos discloses issue