Search criteria
4 vulnerabilities found for DirectLogic H2-DM1E by AutomationDirect
CVE-2024-45368 (GCVE-0-2024-45368)
Vulnerability from cvelistv5 – Published: 2024-09-13 16:36 – Updated: 2024-09-13 17:41
VLAI?
Summary
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behavior deviates from standard security practices where a single, specific response or encoding pattern is expected for successful authentication.
Severity ?
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AutomationDirect | DirectLogic H2-DM1E |
Affected:
0 , ≤ 2.8.0
(custom)
|
Credits
Daniel Davenport, Nicholas Meier, Matthew Zelinsky, and Ryan Silva of John Hopkins Applied Physics Lab reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:automationdirect:h2-dm1e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "h2-dm1e_firmware",
"vendor": "automationdirect",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T17:37:03.141320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:41:54.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DirectLogic H2-DM1E",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daniel Davenport, Nicholas Meier, Matthew Zelinsky, and Ryan Silva of John Hopkins Applied Physics Lab reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe H2-DM1E PLC\u0027s authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there\u0027s an observed anomaly in the H2-DM1E PLC\u0027s protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behavior deviates from standard security practices where a single, specific response or encoding pattern is expected for successful authentication.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "The H2-DM1E PLC\u0027s authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there\u0027s an observed anomaly in the H2-DM1E PLC\u0027s protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behavior deviates from standard security practices where a single, specific response or encoding pattern is expected for successful authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T16:36:08.941Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-17"
}
],
"source": {
"advisory": "ICSA-24-256-17",
"discovery": "EXTERNAL"
},
"title": "AutomationDirect DirectLogic H2-DM1E Session Fixation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAs part of their ongoing risk assessment, AutomationDirect has determined that the H2-DM1E, due to its age and inherent architectural limitations, can no longer be supported within the secure development lifecycle.\u003c/p\u003e\u003cp\u003eTo address these challenges, AutomationDirect recommends the following mitigation strategies based on a thorough risk assessment:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpgrade to the BRX platform: Transitioning to the BRX platform is strongly advised, as it is designed to meet current security standards and is actively maintained within AutomationDirect\u0027s secure development lifecycle.\u003c/li\u003e\u003cli\u003eNetwork segmentation and air gapping: To mitigate risks associated with the H2-DM1E, AutomationDirect recommends implementing network segmentation and air gapping. This strategy will isolate the older technology from the broader network, reducing its exposure to external threats and minimizing the impact of any security vulnerabilities.\u003c/li\u003e\u003cli\u003eDeploy a StrideLinx secure VPN platform: AutomationDirect also recommends placing the system behind a StrideLinx VPN platform.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThese mitigation strategies provide a comprehensive approach to managing the risks associated with the H2-DM1E while preparing for future security needs. \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.automationdirect.com/adc/contactus/contactus\"\u003ePlease reach out to AutomationDirect\u003c/a\u003e\u0026nbsp;if you have any further questions or require additional details on these recommendations.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "As part of their ongoing risk assessment, AutomationDirect has determined that the H2-DM1E, due to its age and inherent architectural limitations, can no longer be supported within the secure development lifecycle.\n\nTo address these challenges, AutomationDirect recommends the following mitigation strategies based on a thorough risk assessment:\n\n * Upgrade to the BRX platform: Transitioning to the BRX platform is strongly advised, as it is designed to meet current security standards and is actively maintained within AutomationDirect\u0027s secure development lifecycle.\n * Network segmentation and air gapping: To mitigate risks associated with the H2-DM1E, AutomationDirect recommends implementing network segmentation and air gapping. This strategy will isolate the older technology from the broader network, reducing its exposure to external threats and minimizing the impact of any security vulnerabilities.\n * Deploy a StrideLinx secure VPN platform: AutomationDirect also recommends placing the system behind a StrideLinx VPN platform.\n\n\nThese mitigation strategies provide a comprehensive approach to managing the risks associated with the H2-DM1E while preparing for future security needs. Please reach out to AutomationDirect https://www.automationdirect.com/adc/contactus/contactus \u00a0if you have any further questions or require additional details on these recommendations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-45368",
"datePublished": "2024-09-13T16:36:08.941Z",
"dateReserved": "2024-09-05T16:57:26.873Z",
"dateUpdated": "2024-09-13T17:41:54.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43099 (GCVE-0-2024-43099)
Vulnerability from cvelistv5 – Published: 2024-09-13 16:33 – Updated: 2024-09-13 17:43
VLAI?
Summary
The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack.
Severity ?
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AutomationDirect | DirectLogic H2-DM1E |
Affected:
0 , ≤ 2.8.0
(custom)
|
Credits
Daniel Davenport, Nicholas Meier, Matthew Zelinsky, and Ryan Silva of John Hopkins Applied Physics Lab reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:automationdirect:h2-dm1e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "h2-dm1e_firmware",
"vendor": "automationdirect",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T17:42:26.853138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:43:05.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DirectLogic H2-DM1E",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daniel Davenport, Nicholas Meier, Matthew Zelinsky, and Ryan Silva of John Hopkins Applied Physics Lab reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe session hijacking attack targets the application layer\u0027s control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack.\u003c/span\u003e"
}
],
"value": "The session hijacking attack targets the application layer\u0027s control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T16:33:02.575Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-17"
}
],
"source": {
"advisory": "ICSA-24-256-17",
"discovery": "EXTERNAL"
},
"title": "AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAs part of their ongoing risk assessment, AutomationDirect has determined that the H2-DM1E, due to its age and inherent architectural limitations, can no longer be supported within the secure development lifecycle.\u003c/p\u003e\u003cp\u003eTo address these challenges, AutomationDirect recommends the following mitigation strategies based on a thorough risk assessment:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpgrade to the BRX platform: Transitioning to the BRX platform is strongly advised, as it is designed to meet current security standards and is actively maintained within AutomationDirect\u0027s secure development lifecycle.\u003c/li\u003e\u003cli\u003eNetwork segmentation and air gapping: To mitigate risks associated with the H2-DM1E, AutomationDirect recommends implementing network segmentation and air gapping. This strategy will isolate the older technology from the broader network, reducing its exposure to external threats and minimizing the impact of any security vulnerabilities.\u003c/li\u003e\u003cli\u003eDeploy a StrideLinx secure VPN platform: AutomationDirect also recommends placing the system behind a StrideLinx VPN platform.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThese mitigation strategies provide a comprehensive approach to managing the risks associated with the H2-DM1E while preparing for future security needs. \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.automationdirect.com/adc/contactus/contactus\"\u003ePlease reach out to AutomationDirect\u003c/a\u003e\u0026nbsp;if you have any further questions or require additional details on these recommendations.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "As part of their ongoing risk assessment, AutomationDirect has determined that the H2-DM1E, due to its age and inherent architectural limitations, can no longer be supported within the secure development lifecycle.\n\nTo address these challenges, AutomationDirect recommends the following mitigation strategies based on a thorough risk assessment:\n\n * Upgrade to the BRX platform: Transitioning to the BRX platform is strongly advised, as it is designed to meet current security standards and is actively maintained within AutomationDirect\u0027s secure development lifecycle.\n * Network segmentation and air gapping: To mitigate risks associated with the H2-DM1E, AutomationDirect recommends implementing network segmentation and air gapping. This strategy will isolate the older technology from the broader network, reducing its exposure to external threats and minimizing the impact of any security vulnerabilities.\n * Deploy a StrideLinx secure VPN platform: AutomationDirect also recommends placing the system behind a StrideLinx VPN platform.\n\n\nThese mitigation strategies provide a comprehensive approach to managing the risks associated with the H2-DM1E while preparing for future security needs. Please reach out to AutomationDirect https://www.automationdirect.com/adc/contactus/contactus \u00a0if you have any further questions or require additional details on these recommendations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-43099",
"datePublished": "2024-09-13T16:33:02.575Z",
"dateReserved": "2024-09-05T16:57:26.882Z",
"dateUpdated": "2024-09-13T17:43:05.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45368 (GCVE-0-2024-45368)
Vulnerability from nvd – Published: 2024-09-13 16:36 – Updated: 2024-09-13 17:41
VLAI?
Summary
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behavior deviates from standard security practices where a single, specific response or encoding pattern is expected for successful authentication.
Severity ?
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AutomationDirect | DirectLogic H2-DM1E |
Affected:
0 , ≤ 2.8.0
(custom)
|
Credits
Daniel Davenport, Nicholas Meier, Matthew Zelinsky, and Ryan Silva of John Hopkins Applied Physics Lab reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:automationdirect:h2-dm1e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "h2-dm1e_firmware",
"vendor": "automationdirect",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T17:37:03.141320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:41:54.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DirectLogic H2-DM1E",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daniel Davenport, Nicholas Meier, Matthew Zelinsky, and Ryan Silva of John Hopkins Applied Physics Lab reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe H2-DM1E PLC\u0027s authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there\u0027s an observed anomaly in the H2-DM1E PLC\u0027s protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behavior deviates from standard security practices where a single, specific response or encoding pattern is expected for successful authentication.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "The H2-DM1E PLC\u0027s authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there\u0027s an observed anomaly in the H2-DM1E PLC\u0027s protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behavior deviates from standard security practices where a single, specific response or encoding pattern is expected for successful authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T16:36:08.941Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-17"
}
],
"source": {
"advisory": "ICSA-24-256-17",
"discovery": "EXTERNAL"
},
"title": "AutomationDirect DirectLogic H2-DM1E Session Fixation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAs part of their ongoing risk assessment, AutomationDirect has determined that the H2-DM1E, due to its age and inherent architectural limitations, can no longer be supported within the secure development lifecycle.\u003c/p\u003e\u003cp\u003eTo address these challenges, AutomationDirect recommends the following mitigation strategies based on a thorough risk assessment:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpgrade to the BRX platform: Transitioning to the BRX platform is strongly advised, as it is designed to meet current security standards and is actively maintained within AutomationDirect\u0027s secure development lifecycle.\u003c/li\u003e\u003cli\u003eNetwork segmentation and air gapping: To mitigate risks associated with the H2-DM1E, AutomationDirect recommends implementing network segmentation and air gapping. This strategy will isolate the older technology from the broader network, reducing its exposure to external threats and minimizing the impact of any security vulnerabilities.\u003c/li\u003e\u003cli\u003eDeploy a StrideLinx secure VPN platform: AutomationDirect also recommends placing the system behind a StrideLinx VPN platform.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThese mitigation strategies provide a comprehensive approach to managing the risks associated with the H2-DM1E while preparing for future security needs. \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.automationdirect.com/adc/contactus/contactus\"\u003ePlease reach out to AutomationDirect\u003c/a\u003e\u0026nbsp;if you have any further questions or require additional details on these recommendations.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "As part of their ongoing risk assessment, AutomationDirect has determined that the H2-DM1E, due to its age and inherent architectural limitations, can no longer be supported within the secure development lifecycle.\n\nTo address these challenges, AutomationDirect recommends the following mitigation strategies based on a thorough risk assessment:\n\n * Upgrade to the BRX platform: Transitioning to the BRX platform is strongly advised, as it is designed to meet current security standards and is actively maintained within AutomationDirect\u0027s secure development lifecycle.\n * Network segmentation and air gapping: To mitigate risks associated with the H2-DM1E, AutomationDirect recommends implementing network segmentation and air gapping. This strategy will isolate the older technology from the broader network, reducing its exposure to external threats and minimizing the impact of any security vulnerabilities.\n * Deploy a StrideLinx secure VPN platform: AutomationDirect also recommends placing the system behind a StrideLinx VPN platform.\n\n\nThese mitigation strategies provide a comprehensive approach to managing the risks associated with the H2-DM1E while preparing for future security needs. Please reach out to AutomationDirect https://www.automationdirect.com/adc/contactus/contactus \u00a0if you have any further questions or require additional details on these recommendations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-45368",
"datePublished": "2024-09-13T16:36:08.941Z",
"dateReserved": "2024-09-05T16:57:26.873Z",
"dateUpdated": "2024-09-13T17:41:54.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43099 (GCVE-0-2024-43099)
Vulnerability from nvd – Published: 2024-09-13 16:33 – Updated: 2024-09-13 17:43
VLAI?
Summary
The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack.
Severity ?
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AutomationDirect | DirectLogic H2-DM1E |
Affected:
0 , ≤ 2.8.0
(custom)
|
Credits
Daniel Davenport, Nicholas Meier, Matthew Zelinsky, and Ryan Silva of John Hopkins Applied Physics Lab reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:automationdirect:h2-dm1e_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "h2-dm1e_firmware",
"vendor": "automationdirect",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T17:42:26.853138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:43:05.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DirectLogic H2-DM1E",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daniel Davenport, Nicholas Meier, Matthew Zelinsky, and Ryan Silva of John Hopkins Applied Physics Lab reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe session hijacking attack targets the application layer\u0027s control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack.\u003c/span\u003e"
}
],
"value": "The session hijacking attack targets the application layer\u0027s control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host which is typical of a session-based attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T16:33:02.575Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-17"
}
],
"source": {
"advisory": "ICSA-24-256-17",
"discovery": "EXTERNAL"
},
"title": "AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAs part of their ongoing risk assessment, AutomationDirect has determined that the H2-DM1E, due to its age and inherent architectural limitations, can no longer be supported within the secure development lifecycle.\u003c/p\u003e\u003cp\u003eTo address these challenges, AutomationDirect recommends the following mitigation strategies based on a thorough risk assessment:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpgrade to the BRX platform: Transitioning to the BRX platform is strongly advised, as it is designed to meet current security standards and is actively maintained within AutomationDirect\u0027s secure development lifecycle.\u003c/li\u003e\u003cli\u003eNetwork segmentation and air gapping: To mitigate risks associated with the H2-DM1E, AutomationDirect recommends implementing network segmentation and air gapping. This strategy will isolate the older technology from the broader network, reducing its exposure to external threats and minimizing the impact of any security vulnerabilities.\u003c/li\u003e\u003cli\u003eDeploy a StrideLinx secure VPN platform: AutomationDirect also recommends placing the system behind a StrideLinx VPN platform.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThese mitigation strategies provide a comprehensive approach to managing the risks associated with the H2-DM1E while preparing for future security needs. \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.automationdirect.com/adc/contactus/contactus\"\u003ePlease reach out to AutomationDirect\u003c/a\u003e\u0026nbsp;if you have any further questions or require additional details on these recommendations.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "As part of their ongoing risk assessment, AutomationDirect has determined that the H2-DM1E, due to its age and inherent architectural limitations, can no longer be supported within the secure development lifecycle.\n\nTo address these challenges, AutomationDirect recommends the following mitigation strategies based on a thorough risk assessment:\n\n * Upgrade to the BRX platform: Transitioning to the BRX platform is strongly advised, as it is designed to meet current security standards and is actively maintained within AutomationDirect\u0027s secure development lifecycle.\n * Network segmentation and air gapping: To mitigate risks associated with the H2-DM1E, AutomationDirect recommends implementing network segmentation and air gapping. This strategy will isolate the older technology from the broader network, reducing its exposure to external threats and minimizing the impact of any security vulnerabilities.\n * Deploy a StrideLinx secure VPN platform: AutomationDirect also recommends placing the system behind a StrideLinx VPN platform.\n\n\nThese mitigation strategies provide a comprehensive approach to managing the risks associated with the H2-DM1E while preparing for future security needs. Please reach out to AutomationDirect https://www.automationdirect.com/adc/contactus/contactus \u00a0if you have any further questions or require additional details on these recommendations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-43099",
"datePublished": "2024-09-13T16:33:02.575Z",
"dateReserved": "2024-09-05T16:57:26.882Z",
"dateUpdated": "2024-09-13T17:43:05.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}