ICSA-22-167-03  ·  Published 2022-06-16

AutomationDirect DirectLOGIC with Ethernet

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could cause a loss of sensitive information, unauthorized changes, and a denial-of-service condition.

Remediations

  • For CVE-2022-2004: While automation networks and systems have built-in password protection schemes, these are only one step in securing the affected systems. Automation control system networks must incorporate data protection and security measures at least as robust as those of a typical business computer system. AutomationDirect recommends that users of PLCs, HMI products, and other SCADA system products perform an independent network security analysis to determine the proper level of security required for the application.
  • For CVE-2022-2004: Secure physical access.
  • For CVE-2022-2004: Isolate and air gap networks when possible.
  • For CVE-2022-2004: Consider moving to one of AutomationDirect's newer PLC families.
  • For CVE-2022-2004: Users can refer to the following link for supporting information related to security considerations.
  • For CVE-2022-2003: Update all D0-06 series CPUs to firmware version 2.72 or later.
  • For CVE-2022-2003: Update all DL05 series CPUs to firmware version 5.41 or later.
  • For CVE-2022-2003: D2-240/250 is obsolete and cannot be upgraded. AutomationDirect recommends upgrading to a newer PLC (D2-262 or newer PLC families; CLICK, Do-more/BRX and Productivity Series).
  • For CVE-2022-2003: Update D2-250-1 to firmware version 4.91 or later.
  • For CVE-2022-2003: Update D2-260 to firmware version 2.71 or later.
  • For CVE-2022-2003: Update D2-262 to firmware version 1.06 or later.
  • For CVE-2022-2003: D4-430/440/450 is obsolete and cannot be upgraded. AutomationDirect recommends upgrading to a newer PLC (D4-454 or newer PLC families; CLICK, Do-more/BRX and Productivity Series).
  • For CVE-2022-2003: Update D4-454 to firmware version 1.04 or later.
  • For CVE-2022-2003: All DirectLogic PLC firmware can be found on the Product Firmware page. The updated firmware will no longer respond with the password when requested with the specially crafted message.
  • For CVE-2022-2003: Additional brute-force mitigation for password access has been added. Three incorrect password entries will result in a 3-hour lockout of password entry. Power cycling will allow subsequent password attempts.

Affected Vendors

Automation Direct

Affected Products (26)

Automation Direct · D0-06AA < 2.72
Automation Direct · D0-06AR < 2.72
Automation Direct · D0-06DA < 2.72
Automation Direct · D0-06DD1 < 2.72
Automation Direct · D0-06DD1-D < 2.72
Automation Direct · D0-06DD2 < 2.72
Automation Direct · D0-06DD2-D < 2.72
Automation Direct · D0-06DR < 2.72
Automation Direct · D0-06DR-D < 2.72
Automation Direct · D0-05DD < 5.41
Automation Direct · D0-05DR < 5.41
Automation Direct · D0-05DA < 5.41
Automation Direct · D0-05AR < 5.41
Automation Direct · D0-05AA < 5.41
Automation Direct · D0-05AD < 5.41
Automation Direct · D0-05DD-D < 5.41
Automation Direct · D0-05DR-D < 5.41
Automation Direct · D2-240 (all versions)
Automation Direct · D2-250 (all versions)
Automation Direct · D2-250-1 < 4.91
Automation Direct · D2-260 < 2.71
Automation Direct · D2-262 < 1.06
Automation Direct · D4-430 (all versions)
Automation Direct · D4-440 (all versions)
Automation Direct · D4-450 (all versions)
Automation Direct · D4-454 < 1.04

Affected Sectors

Multiple Sectors
