1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable from an adjacent network/low attack complexity
- Vendor: AutomationDirect
- Equipment: DirectLogic H2-DM1E
- Vulnerabilities: Session Fixation, Authentication Bypass by Capture-replay
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to inject traffic into an ongoing authenticated session or authenticate as a valid user.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of DirectLogic H2-DM1E, a programmable logic controller, are affected:
- DirectLogic H2-DM1E: Versions 2.8.0 and prior
3.2 Vulnerability Overview
3.2.1 Authentication Bypass by Capture-replay CWE-294
The session hijacking attack targets the application-layer control mechanism that manages authenticated sessions between a host PC and the PLC. The security of such a session rests on a session key; an attacker who captures that key can inject traffic into the ongoing authenticated session. To do so, the attacker must also spoof both the IP address and the MAC address of the originating host, which is typical of a session-based attack and is why the attack requires adjacent-network access.
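The capture-and-replay condition described above, as an added example that is not part of this advisory and is not the DirectLogic protocol: a toy Python model of a PLC session check that trusts a (source IP, source MAC, session key) triple carried in the clear, beside a hardened variant in which the session key is derived from a challenge/response under a pre-shared secret, is never transmitted, and every frame carries an HMAC over a strictly increasing counter. All class names, frame fields, commands and the pre-shared secret are constructed for this illustration; IP/MAC spoofing is modeled by the attacker copying those fields from the captured frame.

```python
"""Toy model of CWE-294 in a host-to-PLC session protocol, vulnerable and
hardened side by side. Constructed illustration only: not the DirectLogic
wire format, not vendor code; every field and secret below is made up."""
import hashlib
import hmac
import secrets


class VulnerableSession:
    """Weak design: the PLC hands out a session key at login and then trusts
    any frame whose (ip, mac, key) matches. The key rides in every frame in
    the clear, so one captured frame gives the attacker all three values."""

    def __init__(self):
        self.sessions = {}  # session key -> (ip, mac) bound at login

    def login(self, ip, mac):
        key = secrets.token_hex(8)  # sent back to the host unprotected
        self.sessions[key] = (ip, mac)
        return key

    def handle(self, frame):
        # frame = {"ip", "mac", "key", "cmd"}; ip/mac are attacker-controlled
        if self.sessions.get(frame["key"]) != (frame["ip"], frame["mac"]):
            return "rejected"
        return "executed " + frame["cmd"]


def vulnerable_scenario():
    """Attacker sniffs one legitimate frame, spoofs IP/MAC, swaps the command."""
    plc = VulnerableSession()
    key = plc.login("10.0.0.5", "00:11:22:33:44:55")
    legit = {"ip": "10.0.0.5", "mac": "00:11:22:33:44:55", "key": key,
             "cmd": "READ V2000"}
    assert plc.handle(legit) == "executed READ V2000"
    injected = dict(legit, cmd="WRITE V2000 0")  # spoofed fields copied verbatim
    return plc.handle(injected)


class HardenedSession:
    """Hardened design: session key derived from a nonce under a pre-shared
    secret (PSK) and never sent; each frame authenticated by HMAC over a
    strictly increasing counter and the command, so a capture is useless."""

    def __init__(self, psk):
        self.psk = psk
        self.sessions = {}  # sid -> {"nonce", "key", "counter"}

    def challenge(self):
        sid, nonce = secrets.token_hex(4), secrets.token_bytes(16)
        self.sessions[sid] = {"nonce": nonce, "key": None, "counter": 0}
        return sid, nonce  # both visible to a sniffer; neither is the key

    @staticmethod
    def derive_key(psk, nonce):
        return hmac.new(psk, b"session" + nonce, hashlib.sha256).digest()

    def login(self, sid, response):
        s = self.sessions[sid]
        expected = hmac.new(self.psk, b"login" + s["nonce"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return False
        s["key"] = self.derive_key(self.psk, s["nonce"])
        return True

    @staticmethod
    def mac(key, counter, cmd):
        msg = counter.to_bytes(8, "big") + cmd.encode()
        return hmac.new(key, msg, hashlib.sha256).digest()

    def handle(self, frame):
        # frame = {"sid", "counter", "cmd", "mac"}
        s = self.sessions.get(frame["sid"])
        if s is None or s["key"] is None:
            return "rejected"
        if frame["counter"] <= s["counter"]:
            return "rejected"  # replayed or reordered frame
        if not hmac.compare_digest(self.mac(s["key"], frame["counter"], frame["cmd"]), frame["mac"]):
            return "rejected"  # forged or tampered frame
        s["counter"] = frame["counter"]
        return "executed " + frame["cmd"]


def hardened_scenario():
    """Returns (legit result, replay result, injection result)."""
    psk = b"constructed-pre-shared-secret"  # provisioned out of band in reality
    plc = HardenedSession(psk)
    sid, nonce = plc.challenge()
    assert plc.login(sid, hmac.new(psk, b"login" + nonce, hashlib.sha256).digest())
    key = HardenedSession.derive_key(psk, nonce)  # host derives, never sends
    legit = {"sid": sid, "counter": 1, "cmd": "READ V2000",
             "mac": HardenedSession.mac(key, 1, "READ V2000")}
    r_legit = plc.handle(legit)
    r_replay = plc.handle(dict(legit))  # identical capture replayed
    r_inject = plc.handle(dict(legit, counter=2, cmd="WRITE V2000 0"))
    return r_legit, r_replay, r_inject


if __name__ == "__main__":
    print("vulnerable:", vulnerable_scenario())
    print("hardened:", hardened_scenario())
```

In the vulnerable model the injected write executes because the PLC has nothing to check beyond values the sniffer already holds. The hardened model assumes a pre-shared secret provisioned out of band and a per-session counter; a real implementation would also need to handle counter state across reconnects and would still be defeated by an attacker who obtains the pre-shared secret itself, which is why the mitigations for this class of flaw centre on network segmentation and limiting who can reach the PLC at all.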
CVE-2024-43099 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-43099. A base score of 8.7 has been calculated; the CVSS vector string is (