Multiple vulnerabilities in AutomationDirect DirectLogic H2-DM1E
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-45368 CVE-2024-43099 |
| CWE-ID | CWE-384 CWE-294 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
DirectLogic H2-DM1E Hardware solutions / Firmware |
| Vendor | AutomationDirect |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Session Fixation
EUVDB-ID: #VU97239
Risk: Medium
CVSSv3.1: 8.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2024-45368
CWE-ID:
CWE-384 - Session Fixation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the session fixation issue within the authentication protocol. A remote attacker on the local network can gain unauthorized access to the application.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDirectLogic H2-DM1E: 2.8.0
CPE2.3- cpe:2.3:h:automationdirect:directlogic_h2-dm1e:*:*:*:*:*:*:*:*
- cpe:2.3:h:automationdirect:directlogic_h2-dm1e:2.8.0:*:*:*:*:*:*:*
http://www.cisa.gov/news-events/ics-advisories/icsa-24-256-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Authentication Bypass by Capture-replay
EUVDB-ID: #VU97242
Risk: Medium
CVSSv3.1: 8.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2024-43099
CWE-ID:
CWE-294 - Authentication Bypass by Capture-replay
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to authentication bypass by capture-replay. A remote attacker on the local network can capture the session key and inject traffic into an ongoing authenticated session.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsDirectLogic H2-DM1E: 2.8.0
CPE2.3- cpe:2.3:h:automationdirect:directlogic_h2-dm1e:*:*:*:*:*:*:*:*
- cpe:2.3:h:automationdirect:directlogic_h2-dm1e:2.8.0:*:*:*:*:*:*:*
http://www.cisa.gov/news-events/ics-advisories/icsa-24-256-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
