CVE-2022-2006 Explained: Impact and Mitigation

Learn about CVE-2022-2006, which affects AutomationDirect C-more EA9 HMI and allows code execution during the installation process. Find mitigation steps and long-term security practices.

An Uncontrolled Search Path Element vulnerability in AutomationDirect C-more EA9 HMI allows attackers to execute code during the installation process. The affected products include C-more EA9 EA9-T6CL, EA9-T6CL-R, EA9-T7CL, EA9-T7CL-R, EA9-T8CL, EA9-T10CL, EA9-T10WCL, EA9-T12CL, EA9-T15CL, EA9-RHMI, and EA9-PGMSW versions prior to 6.73.

Understanding CVE-2022-2006

This CVE identifies a DLL vulnerability in AutomationDirect DirectLOGIC that poses a risk during the installation process.

What is CVE-2022-2006?

AutomationDirect C-more EA9 HMI has a DLL vulnerability that may lead to code execution during installation.

The Impact of CVE-2022-2006

With a CVSS base score of 7.8, this high-severity vulnerability can cause significant damage, especially due to its impact on confidentiality, integrity, and availability.

Technical Details of CVE-2022-2006

The vulnerability stems from an uncontrolled search path element, which can be exploited locally without any privileges required. The attack complexity is low, making it easier for threat actors to exploit the flaw.

Vulnerability Description

The DLL vulnerability in the install directory of AutomationDirect DirectLOGIC enables malicious actors to execute arbitrary code during the installation process.

Affected Systems and Versions

The vulnerability impacts various C-more EA9 HMI products, including EA9-T6CL, EA9-T6CL-R, EA9-T7CL, EA9-T7CL-R, EA9-T8CL, EA9-T10CL, EA9-T10WCL, EA9-T12CL, EA9-T15CL, EA9-RHMI, and EA9-PGMSW, in versions prior to 6.73.

Exploitation Mechanism

The attack can be launched locally and requires no specific privileges for successful execution. Exploitation does require user interaction.
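A pre-installation check for the uncontrolled search path condition described above, as an added example that is not AutomationDirect's or this page's own code: it lists library files sitting beside an installer and then stages the installer alone in a fresh, owner-only directory. The file names, the extension list and the sample folder are constructed assumptions.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# Assumed list of extensions treated as loadable libraries for this check.
LIBRARY_EXTS = {".dll", ".ocx", ".cpl"}


def audit_installer_dir(installer: Path) -> list[str]:
    """Return findings about the directory an installer would be run from."""
    findings = []
    folder = installer.parent
    for entry in sorted(folder.iterdir()):
        if entry == installer or not entry.is_file():
            continue
        if entry.suffix.lower() in LIBRARY_EXTS:
            # Hash is reported so the file can be compared with vendor-supplied values.
            digest = hashlib.sha256(entry.read_bytes()).hexdigest()
            findings.append(f"colocated-library:{entry.name}:{digest}")
    # POSIX mode bits only; on Windows the folder ACL has to be reviewed instead.
    if os.name == "posix" and folder.stat().st_mode & stat.S_IWOTH:
        findings.append(f"world-writable-dir:{folder}")
    return findings


def stage_clean(installer: Path) -> Path:
    """Copy only the installer into a new, empty directory (mkdtemp: owner-only)."""
    target = Path(tempfile.mkdtemp(prefix="clean-install-")) / installer.name
    target.write_bytes(installer.read_bytes())
    return target


def demo() -> tuple[list[str], list[str]]:
    # Constructed sample: a downloads-style folder with a setup file and a stray DLL.
    downloads = Path(tempfile.mkdtemp(prefix="downloads-"))
    setup = downloads / "setup.exe"  # hypothetical installer name
    setup.write_bytes(b"MZ constructed installer")
    (downloads / "Helper.DLL").write_bytes(b"MZ constructed stray library")
    (downloads / "readme.txt").write_text("notes")
    before = audit_installer_dir(setup)
    after = audit_installer_dir(stage_clean(setup))
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("original folder:", before)
    print("clean staging folder:", after)
```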

Mitigation and Prevention

To address CVE-2022-2006, it is crucial to upgrade affected systems to firmware Version 6.73 or later, which introduces TLS security options for the webserver. Users should also follow additional security measures to safeguard their automation networks and systems.

Immediate Steps to Take

AutomationDirect recommends disabling the Webserver feature on the HMI using programming software. Placing the HMI panel behind a VPN can enhance security, especially when operating across different networks.

Long-Term Security Practices

Users of PLCs, HMI products, and other SCADA system products should conduct independent network security analyses to determine the necessary security measures.

Patching and Updates

In cases where systems cannot be upgraded to Version 6.73, implementing mitigations like disabling the Webserver feature and using a VPN can help secure systems effectively.
