Session Hijacking Attack Targets PLC Control Mechanism
CVE-2024-43099

8.8HIGH

Key Information:

Vendor: Automationdirect
Status: Directlogic H2-dm1e
Vendor: CVE Published:; 13 September 2024

What is CVE-2024-43099?

A session hijacking vulnerability affects the application layer's control mechanism, which safeguards authenticated sessions between a host PC and a Programmable Logic Controller (PLC). It allows attackers, having intercepted the session key, to inject malicious traffic into ongoing sessions. To execute the attack, attackers must replicate both the originating host's IP address and MAC address, a tactic common in session-based attacks. This exposure highlights the necessity for robust session management and security measures within control systems.

Affected Version(s)

DirectLogic H2-DM1E 0 <= 2.8.0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-2...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2024
Vulnerability Reserved
Sep 5, 2024

Credit

Daniel Davenport, Nicholas Meier, Matthew Zelinsky, and Ryan Silva of John Hopkins Applied Physics Lab reported these vulnerabilities to CISA.

Automationdirect

What is CVE-2024-43099?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit