Main Vulnerability Database SB2024091337

SB2024091337 - Multiple vulnerabilities in AutomationDirect DirectLogic H2-DM1E

Published: September 13, 2024

Security Bulletin ID SB2024091337

Severity

Medium

Patch available

Number of vulnerabilities 2

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Session Fixation (CVE-ID: CVE-2024-45368)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the session fixation issue within the authentication protocol. A remote attacker on the local network can gain unauthorized access to the application.

2) Authentication Bypass by Capture-replay (CVE-ID: CVE-2024-43099)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to authentication bypass by capture-replay. A remote attacker on the local network can capture the session key and inject traffic into an ongoing authenticated session.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-17