Security Advisory
Automation Direct’s DirectLogic 06 PLC, C-More EA9 HMI, and ECOM Ethernet Module
Risk Information
Limited Threat
CVE ID
CVE-2022-2006
CVE-2022-2005
CVE-2022-2004
CVE-2022-2003
Vunerability Type
Uncontrolled Resource Consumption
Cleartext Transmission of Sensitive Information
Uncontrolled Resource Consumption
Insufficiently Protected Credentials
CVSS3 Score
7
7.5
7.5
7.5
CVSSv3 Vector
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affecting
Mitigation
Update to a patched version, C-More HMI: firmware v6.72 or later. DL 06 PLC: firmware v2.72 or later.
05/31/2022