OTPulse

AutomationDirect DirectLogic H2-DM1E

Plan Patch | CVSS 8.8 | ICS-CERT ICSA-24-256-17 | Sep 12, 2024
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The DirectLogic H2-DM1E contains authentication bypass and session injection vulnerabilities (CWE-294, CWE-384) due to inherent architectural limitations. An attacker could inject traffic into an authenticated session or authenticate as a valid user without proper credentials. AutomationDirect has determined the product cannot be supported within its secure development lifecycle and will not be patched due to age and architectural constraints.

What this means
What could happen
An attacker on the local network could bypass authentication or hijack an active engineering session, allowing unauthorized command execution on the PLC. This could result in unauthorized changes to control logic, process parameter modifications, or operational disruptions.
Who's at risk
Transportation sector operators using AutomationDirect DirectLogic H2-DM1E PLCs for signal control, switching systems, or other automation functions should prioritize this vulnerability. Any facility relying on this aging hardware for critical process control is at risk if the device remains on a shared corporate or operations network.
How it could be exploited
An attacker with access to the local network segment containing the H2-DM1E can intercept and inject traffic into an authenticated session between an engineering workstation and the PLC, or craft authentication bypass payloads to impersonate a valid operator. No special privileges or credentials are required for the initial attack.
Prerequisites
  • Network access to the same Ethernet segment as the H2-DM1E (AV:A indicates local/adjacent network)
  • No valid credentials required to initiate the attack
  • Target device must be reachable from attacker's network position
  • Remotely exploitable from adjacent network
  • No authentication required for attack initiation
  • Low attack complexity
  • No patch available (end-of-life product)
  • Authentication bypass capability enables full control of affected device
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product: DirectLogic H2-DM1E
Affected Versions: ≤ 2.8.0
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation to isolate the H2-DM1E from broader plant network and external connections
HARDENING: Deploy the H2-DM1E behind a StrideLinx secure VPN platform to control and authenticate remote access
HARDENING: Air gap the H2-DM1E if feasible—disconnect unnecessary network connections and rely only on local engineering workstations within a protected segment
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade to the AutomationDirect BRX platform, which is actively maintained and meets current security standards
AutomationDirect DirectLogic H2-DM1E | CVSS 8.8 - OTPulse