Action not permitted
Modal body text goes here.
Modal Title
Modal Body
tid-315
Vulnerability from emb3d
Type
Description
If the device includes a password retrieval mechanism, a threat actor could use that mechanism to retrieve a valid credential and then access the device. Password retrieval functions are typically intended to be used to support access from dedicated device management tools, but these functions may be reverse engineered and then initiated by the threat actor to gain valid credentials on a device.
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CVE-2022-2003 (GCVE-0-2022-2003)
Vulnerability from cvelistv5
Published
2022-08-31 15:59
Modified
2025-04-16 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AutomationDirect | DirectLOGIC D0-06 series CPUs |
Version: D0-06DD1 < 2.72 Version: D0-06DD2 < 2.72 Version: D0-06DR < 2.72 Version: D0-06DA < 2.72 Version: D0-06AR < 2.72 Version: D0-06AA < 2.72 Version: D0-06DD1-D < 2.72 Version: D0-06DD2-D < 2.72 Version: D0-06DR-D < 2.72 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:27:42.525536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:49:17.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DirectLOGIC D0-06 series CPUs",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "2.72",
"status": "affected",
"version": "D0-06DD1",
"versionType": "custom"
},
{
"lessThan": "2.72",
"status": "affected",
"version": "D0-06DD2",
"versionType": "custom"
},
{
"lessThan": "2.72",
"status": "affected",
"version": "D0-06DR",
"versionType": "custom"
},
{
"lessThan": "2.72",
"status": "affected",
"version": "D0-06DA",
"versionType": "custom"
},
{
"lessThan": "2.72",
"status": "affected",
"version": "D0-06AR",
"versionType": "custom"
},
{
"lessThan": "2.72",
"status": "affected",
"version": "D0-06AA",
"versionType": "custom"
},
{
"lessThan": "2.72",
"status": "affected",
"version": "D0-06DD1-D",
"versionType": "custom"
},
{
"lessThan": "2.72",
"status": "affected",
"version": "D0-06DD2-D",
"versionType": "custom"
},
{
"lessThan": "2.72",
"status": "affected",
"version": "D0-06DR-D",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sam Hanson of Dragos reported this vulnerability to CISA."
}
],
"datePublic": "2022-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-31T15:59:33.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03"
}
],
"solutions": [
{
"lang": "en",
"value": "AutomationDirect recommends users upgrade to firmware Version 2.72 or later, which will no longer respond with the password when requested with the specially crafted message.\n\nAdditional mitigation for brute force password access has also been added. Three incorrect password entries will result in a 3-hour lock out of password entry. Power cycle will allow subsequent password attempts.\n\nWhile automation networks and systems have built-in password protection schemes, this is only one step in securing the affected systems. Automation control system networks must incorporate data protection and security measures at least as robust as a typical business computer system. AutomationDirect recommends users of PLCs, HMI products, and other SCADA system products perform independent network security analysis to determine the proper level of security required for the application.\n\nAutomationDirect has identified the specific mitigation actions listed below:\n\nSecure physical access.\nIsolate and air gap networks when possible.\nConsider some of the AutomationDirect newer PLC families."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AutomationDirect DirectLOGIC with Serial Communication Cleartext Transmission",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-06-16T17:00:00.000Z",
"ID": "CVE-2022-2003",
"STATE": "PUBLIC",
"TITLE": "AutomationDirect DirectLOGIC with Serial Communication Cleartext Transmission"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DirectLOGIC D0-06 series CPUs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "D0-06DD1",
"version_value": "2.72"
},
{
"version_affected": "\u003c",
"version_name": "D0-06DD2",
"version_value": "2.72"
},
{
"version_affected": "\u003c",
"version_name": "D0-06DR",
"version_value": "2.72"
},
{
"version_affected": "\u003c",
"version_name": "D0-06DA",
"version_value": "2.72"
},
{
"version_affected": "\u003c",
"version_name": "D0-06AR",
"version_value": "2.72"
},
{
"version_affected": "\u003c",
"version_name": "D0-06AA",
"version_value": "2.72"
},
{
"version_affected": "\u003c",
"version_name": "D0-06DD1-D",
"version_value": "2.72"
},
{
"version_affected": "\u003c",
"version_name": "D0-06DD2-D",
"version_value": "2.72"
},
{
"version_affected": "\u003c",
"version_name": "D0-06DR-D",
"version_value": "2.72"
}
]
}
}
]
},
"vendor_name": "AutomationDirect"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sam Hanson of Dragos reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-02"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "AutomationDirect recommends users upgrade to firmware Version 2.72 or later, which will no longer respond with the password when requested with the specially crafted message.\n\nAdditional mitigation for brute force password access has also been added. Three incorrect password entries will result in a 3-hour lock out of password entry. Power cycle will allow subsequent password attempts.\n\nWhile automation networks and systems have built-in password protection schemes, this is only one step in securing the affected systems. Automation control system networks must incorporate data protection and security measures at least as robust as a typical business computer system. AutomationDirect recommends users of PLCs, HMI products, and other SCADA system products perform independent network security analysis to determine the proper level of security required for the application.\n\nAutomationDirect has identified the specific mitigation actions listed below:\n\nSecure physical access.\nIsolate and air gap networks when possible.\nConsider some of the AutomationDirect newer PLC families."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2003",
"datePublished": "2022-08-31T15:59:33.369Z",
"dateReserved": "2022-06-06T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:49:17.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31205 (GCVE-0-2022-31205)
Vulnerability from cvelistv5
Published
2022-07-26 21:28
Modified
2024-08-03 07:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.forescout.com/blog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-26T21:28:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.forescout.com/blog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.forescout.com/blog/",
"refsource": "MISC",
"url": "https://www.forescout.com/blog/"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31205",
"datePublished": "2022-07-26T21:28:41",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T07:11:39.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…