CVE-2022-2006 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2022-2006?

CVE-2022-2006 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-2006?

Check the references section above for vendor advisories and patch information. Affected products include: Automationdirect C-More Ea9-T6Cl Firmware, Automationdirect C-More Ea9-T6Cl, Automationdirect C-More Ea9-T6Cl-R Firmware, Automationdirect C-More Ea9-T6Cl-R, Automationdirect C-More Ea9-T7Cl Firmware.

Vulnerability Description

AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73;

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Automationdirect	C-More Ea9-T6Cl Firmware	< 6.73
Automationdirect	C-More Ea9-T6Cl	-
Automationdirect	C-More Ea9-T6Cl-R Firmware	< 6.73
Automationdirect	C-More Ea9-T6Cl-R	-
Automationdirect	C-More Ea9-T7Cl Firmware	< 6.73
Automationdirect	C-More Ea9-T7Cl	-
Automationdirect	C-More Ea9-T7Cl-R Firmware	< 6.73
Automationdirect	C-More Ea9-T7Cl-R	-
Automationdirect	C-More Ea9-T8Cl Firmware	< 6.73
Automationdirect	C-More Ea9-T8Cl	-
Automationdirect	C-More Ea9-T10Cl Firmware	< 6.73
Automationdirect	C-More Ea9-T10Cl	-
Automationdirect	C-More Ea9-T10Wcl Firmware	< 6.73
Automationdirect	C-More Ea9-T10Wcl	-
Automationdirect	C-More Ea9-T12Cl Firmware	< 6.73
Automationdirect	C-More Ea9-T12Cl	-
Automationdirect	C-More Ea9-T15Cl Firmware	< 6.73
Automationdirect	C-More Ea9-T15Cl	-
Automationdirect	C-More Ea9-T15Cl-R Firmware	< 6.73
Automationdirect	C-More Ea9-T15Cl-R	-

Related Weaknesses (CWE)

CWE-427

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-01PatchThird Party AdvisoryUS Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-01PatchThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2022-2006?

CVE-2022-2006 is a vulnerability with a CVSS score of 7.8 (HIGH). AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA...

How severe is CVE-2022-2006?

CVE-2022-2006 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-2006?

Check the references section above for vendor advisories and patch information. Affected products include: Automationdirect C-More Ea9-T6Cl Firmware, Automationdirect C-More Ea9-T6Cl, Automationdirect C-More Ea9-T6Cl-R Firmware, Automationdirect C-More Ea9-T6Cl-R, Automationdirect C-More Ea9-T7Cl Firmware.