cbcvebase.
CVE-2022-2004
published 2022-08-31

CVE-2022-2004: AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other…

PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.83%
52.9th percentile
AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72;

Affected

19 ranges
VendorProductVersion rangeFixed in
automationdirectd0-06aa_firmware< 2.722.72
automationdirectd0-06ar_firmware< 2.722.72
automationdirectd0-06da_firmware< 2.722.72
automationdirectd0-06dd1-d_firmware< 2.722.72
automationdirectd0-06dd1_firmware< 2.722.72
automationdirectd0-06dd2-d_firmware< 2.722.72
automationdirectd0-06dd2_firmware< 2.722.72
automationdirectd0-06dr-d_firmware< 2.722.72
automationdirectd0-06dr_firmware< 2.722.72
automationdirectdirectlogic_d0-06_series_cpus>= D0-06AA < 2.722.72
automationdirectdirectlogic_d0-06_series_cpus>= D0-06AR < 2.722.72
automationdirectdirectlogic_d0-06_series_cpus>= D0-06DA < 2.722.72
automationdirectdirectlogic_d0-06_series_cpus>= D0-06DD1 < 2.722.72
automationdirectdirectlogic_d0-06_series_cpus>= D0-06DD1-D < 2.722.72
automationdirectdirectlogic_d0-06_series_cpus>= D0-06DD2 < 2.722.72
automationdirectdirectlogic_d0-06_series_cpus>= D0-06DD2-D < 2.722.72
automationdirectdirectlogic_d0-06_series_cpus>= D0-06DR < 2.722.72
automationdirectdirectlogic_d0-06_series_cpus>= D0-06DR-D < 2.722.72
github.comsylabs_sif_v2>= 0 < 2.8.12.8.1

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa5.0MEDIUM
cisa7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.