ICSA-22-167-02  ·  Published 2022-06-16  ·  Source: CISA ICS-CERT

AutomationDirect DirectLOGIC with Serial Communication

CVSS 7.7 HIGH

Risk Summary

Successful exploitation of this vulnerability could cause a loss of sensitive information and unauthorized changes.

CVEs (1)

Remediations

  • Update all D0-06 series CPUs to firmware version 2.72 or later
  • Update all DL05 series CPUs to firmware version 5.41 or later
  • D2-230/240/250 are obsolete and cannot be upgraded. AutomationDirect recommends upgrading to a newer PLC (D2-262, or a newer PLC family: CLICK, Do-more/BRX, or Productivity Series).
  • Update D2-250-1 to firmware version 4.91 or later
  • Update D2-260 to firmware version 2.71 or later
  • Update D2-262 to firmware version 1.06 or later
  • D3-350 is obsolete and cannot be upgraded. AutomationDirect recommends upgrading to a newer PLC (D2-262, or a newer PLC family: CLICK, Do-more/BRX, or Productivity Series).
  • D4-430/440/450 are obsolete and cannot be upgraded. AutomationDirect recommends upgrading to a newer PLC (D4-454, or a newer PLC family: CLICK, Do-more/BRX, or Productivity Series).
  • Update D4-454 to firmware version 1.04 or later
  • All DL105 CPUs (F1-130xx) are obsolete and cannot be upgraded. AutomationDirect recommends upgrading to a newer PLC (CLICK, Do-more/BRX, or Productivity Series).
  • All DirectLogic PLC firmware can be found on the Product Firmware page. The updated firmware no longer responds with the password when it is requested with the specially crafted message.
  • Additional brute-force mitigation for password access has also been added: three incorrect password entries result in a 3-hour lockout of password entry. Power cycling the CPU allows subsequent password attempts.
  • While automation networks and systems have built-in password protection schemes, this is only one step in securing the affected systems. Automation control system networks must incorporate data protection and security measures at least as robust as a typical business computer system. AutomationDirect recommends users of PLCs, HMI products, and other SCADA system products perform independent network security analysis to determine the proper level of security required for the application.
  • Secure physical access.
  • Isolate and air gap networks when possible.
  • Consider some of AutomationDirect's newer PLC families.
  • Users should refer to the following link for supporting information related to security considerations.

Affected Vendors

Automation Direct

Affected Products (36)

Automation Direct · D0-06AA < 2.72
Automation Direct · D0-06AR < 2.72
Automation Direct · D0-06DA < 2.72
Automation Direct · D0-06DD1 < 2.72
Automation Direct · D0-06DD1-D < 2.72
Automation Direct · D0-06DD2 < 2.72
Automation Direct · D0-06DD2-D < 2.72
Automation Direct · D0-06DR < 2.72
Automation Direct · D0-06DR-D < 2.72
Automation Direct · D0-05DD < 5.41
Automation Direct · D0-05DR < 5.41
Automation Direct · D0-05DA < 5.41
Automation Direct · D0-05AR < 5.41
Automation Direct · D0-05AA < 5.41
Automation Direct · D0-05AD < 5.41
Automation Direct · D0-05DD-D < 5.41
Automation Direct · D0-05DR-D < 5.41
Automation Direct · D2-230 (all versions)
Automation Direct · D2-240 (all versions)
Automation Direct · D2-250 (all versions)
Automation Direct · D2-250-1 < 4.91
Automation Direct · D2-260 < 2.71
Automation Direct · D2-262 < 1.06
Automation Direct · D3-350 (all versions)
Automation Direct · D4-430 (all versions)
Automation Direct · D4-440 (all versions)
Automation Direct · D4-450 (all versions)
Automation Direct · D4-454 < 1.04
Automation Direct · F1-130AA (all versions)
Automation Direct · F1-130AD (all versions)
Automation Direct · F1-130DA (all versions)
Automation Direct · F1-130DD (all versions)
Automation Direct · F1-130DD-D (all versions)
Automation Direct · F1-130DR-D (all versions)
Automation Direct · F1-130AR (all versions)
Automation Direct · F1-130DR (all versions)

Affected Sectors

Multiple Sectors