CVE-2022-2004
HIGH
AutomationDirect DirectLOGIC D0-06 Series < 2.72 - Denial of Service via Crafted Packet Flood
Title source: llm
Description
AutomationDirect DirectLOGIC is vulnerable to a denial-of-service condition: a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices. This issue affects AutomationDirect DirectLOGIC D0-06 series CPUs: D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72.
References (1)
Core References
Patch, Third Party Advisory, US Government Resource x_refsource_confirm
https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03
Scores
CVSS v3: 7.5
EPSS: 0.0083
EPSS Percentile: 52.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-400
Status: published
Products (9)
automationdirect/d0-06aa_firmware < 2.72
automationdirect/d0-06ar_firmware < 2.72
automationdirect/d0-06da_firmware < 2.72
automationdirect/d0-06dd1-d_firmware < 2.72
automationdirect/d0-06dd1_firmware < 2.72
automationdirect/d0-06dd2-d_firmware < 2.72
automationdirect/d0-06dd2_firmware < 2.72
automationdirect/d0-06dr-d_firmware < 2.72
automationdirect/d0-06dr_firmware < 2.72
Published: Aug 31, 2022
Tracked Since: Feb 18, 2026