Security Advisory

Automation Direct’s DirectLogic 06 PLC, C-More EA9 HMI, and ECOM Ethernet Module

Risk Information

Limited Threat

CVE ID

CVE-2022-2006

CVE-2022-2005

CVE-2022-2004

CVE-2022-2003

Vunerability Type

Uncontrolled Resource Consumption

Cleartext Transmission of Sensitive Information

Uncontrolled Resource Consumption

Insufficiently Protected Credentials

CVSS3 Score

7.5

CVSSv3 Vector

AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

DirectLogic 06 PLCs prior to v2.72

ECOM Ethernet module

C-More HMI

Update to a patched version, C-More HMI: firmware v6.72 or later. DL 06 PLC: firmware v2.72 or later.

05/31/2022