CVE-2022-2006

moderate-risk
Published 2022-08-31

AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73;

Do I need to act?

-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (12)

C-More Ea9-T6Cl Firmware
C-More Ea9-T6Cl-R Firmware
C-More Ea9-T7Cl Firmware
C-More Ea9-T7Cl-R Firmware
C-More Ea9-T8Cl Firmware
C-More Ea9-T10Cl Firmware
C-More Ea9-T10Wcl Firmware
C-More Ea9-T12Cl Firmware
C-More Ea9-T15Cl Firmware
C-More Ea9-T15Cl-R Firmware
C-More Ea9-Rhmi Firmware
C-More Ea9-Pgmsw Firmware

Affected Vendors

Automationdirect

References (2)

Patch https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-01
Patch https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-01
42
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 17/34 · Moderate