ICSA-12-102-02
·
Published 2025-06-06
·
View on CISA ICS-CERT ↗
Koyo Ecom Modules Vulnerabilities
CVSS 5.0
MEDIUM
CVEs (1)
Remediations
- Koyo reports that this is resolved by the patch available for the ECOM modules listed in this advisory. According to Koyo, the web server within the ECOM modules are limited to module configuration parameters. Web server authentication was not added to the module
- however, the web server is now disabled by default. A configuration change is required to enable the web server.
Affected Vendors
Koyo
Affected Products (8)
Koyo
·
H2-ECOM (For DirectLogic DL205 Series Programmable Logic Controllers)
vers:all/*
Koyo
·
H2-ECOM-F (For DirectLogic DL205 Series Programmable Logic Controllers)
vers:all/*
Koyo
·
H2-ECOM100 (For DirectLogic DL205 Series Programmable Logic Controllers)
vers:all/*
Koyo
·
H0-ECOM (For DirectLogic DL06 Series Programmable Logic Controllers)
vers:all/*
Koyo
·
H0-ECOM100 (For DirectLogic DL06 Series Programmable Logic Controllers)
vers:all/*
Koyo
·
H4-ECOM (For DirectLogic DL405 Series Programmable Logic Controllers)
vers:all/*
Koyo
·
H4-ECOM-F (For DirectLogic DL405 Series Programmable Logic Controllers)
vers:all/*
Koyo
·
H4-ECOM100 (For DirectLogic DL405 Series Programmable Logic Controllers)
vers:all/*
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more