#VU97242 Authentication Bypass by Capture-replay in DirectLogic H2-DM1E - CVE-2024-43099
Published: September 13, 2024
Vulnerability identifier: #VU97242
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-43099
CWE-ID: CWE-294
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
DirectLogic H2-DM1E
Software vendor:
AutomationDirect
Description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to authentication bypass by capture-replay. A remote attacker on the local network can capture the session key and inject traffic into an ongoing authenticated session.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.