AutomationDirect DirectLogic H2-DM1E
Action: Plan Patch
CVSS: 8.8
ICS-CERT advisory: ICSA-24-256-17
Published: Sep 12, 2024
Vendor: AutomationDirect
Sector: Transportation
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The DirectLogic H2-DM1E contains two vulnerabilities (CWE-294 session injection, CWE-384 session fixation) that allow an attacker to inject traffic into an authenticated session or impersonate a valid user without proper authentication. The device is no longer supported within AutomationDirect's secure development lifecycle due to its age and architectural limitations. No patch will be released.
What this means
What could happen
An attacker with network access to the H2-DM1E could impersonate an authorized user or intercept and modify commands sent to the controller, allowing unauthorized changes to process logic, setpoints, or safety parameters in transportation automation systems.
Who's at risk
Transportation automation and control system operators who rely on DirectLogic H2-DM1E controllers are affected. This includes rail systems, vehicle control units, and industrial conveyor systems that use this legacy PLC platform.
How it could be exploited
An attacker on the same network segment as the H2-DM1E can inject traffic into an existing authenticated session or forge a session to authenticate as a legitimate user. Once authenticated, the attacker can issue commands directly to the PLC to modify control parameters or halt operations.
Prerequisites
- Network access to the H2-DM1E on the local network segment (adjacent network)
- Ability to observe or intercept existing authenticated sessions, or knowledge of session tokens/credentials
Key points
- No patch available (end-of-life product)
- Affects control logic and operational safety
- Session-level authentication bypass allows impersonation
- Network-adjacent attack vector
- Architectural limitations prevent a secure fix
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product              | Affected Versions | Fix Status
DirectLogic H2-DM1E  | ≤ 2.8.0           | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation to isolate the H2-DM1E onto a dedicated VLAN with restricted access. Limit connections to only authorized engineering workstations and supervisory systems.
HARDENING: Deploy a StrideLinx secure VPN platform in front of the H2-DM1E to encrypt and authenticate all remote access connections.
HARDENING: Apply firewall rules to block any network traffic to the H2-DM1E from outside the isolated control network segment.
WORKAROUND: If immediate migration is not feasible, air-gap the H2-DM1E by disconnecting it from the corporate network and all remote access systems, relying only on local physical access for engineering changes.
Schedule — requires maintenance window
Note: Patching may require device reboot — plan for process interruption.
HOTFIX: Plan and execute a migration to the BRX platform, which is actively maintained and designed to meet current security standards. Coordinate with AutomationDirect for the upgrade pathway and schedule a maintenance window.
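One way to check that the segmentation and firewall rules above are actually holding, as an added example that is not part of the advisory or AutomationDirect's guidance: a small audit over flow records that flags any traffic reaching the H2-DM1E from a host that is not on the authorized engineering list. All addresses, hosts and the log format are constructed placeholders.

```python
# Added example, not from the advisory or AutomationDirect: audit flow records
# against the segmentation policy recommended above. Addresses, hosts and the
# log format are constructed placeholders.
import ipaddress
from typing import Iterable, List, Tuple

# Constructed policy: the H2-DM1E lives on a dedicated control VLAN and only
# the listed engineering workstations on that VLAN may reach it.
PLC_ADDR = ipaddress.ip_address("10.20.30.10")        # placeholder H2-DM1E address
CONTROL_VLAN = ipaddress.ip_network("10.20.30.0/24")  # placeholder isolated segment
AUTHORIZED = {
    ipaddress.ip_address("10.20.30.50"),  # placeholder engineering workstation
    ipaddress.ip_address("10.20.30.51"),  # placeholder supervisory host
}

# Constructed flow records, one per line: "<timestamp> <src> -> <dst> <proto>"
SAMPLE_FLOWS = """\
2024-09-12T10:00:01Z 10.20.30.50 -> 10.20.30.10 UDP
2024-09-12T10:00:05Z 10.20.30.77 -> 10.20.30.10 UDP
2024-09-12T10:01:12Z 192.168.1.5 -> 10.20.30.10 TCP
2024-09-12T10:01:40Z 10.20.30.51 -> 10.20.30.99 TCP
2024-09-12T10:02:03Z 10.20.30.51 -> 10.20.30.10 UDP
"""


def parse_flow(line: str):
    """Split one constructed flow line into (timestamp, src, dst, proto)."""
    ts, src, _arrow, dst, proto = line.split()
    return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), proto


def audit_flows(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, source, reason) for every flow toward the PLC that
    the policy forbids. An unauthorized host already on the control VLAN is
    the adjacent-network position the advisory describes; a source outside
    the VLAN means the firewall rule or segmentation is not being enforced."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, _proto = parse_flow(line)
        if dst != PLC_ADDR or src in AUTHORIZED:
            continue  # not aimed at the controller, or an allowed workstation
        if src in CONTROL_VLAN:
            reason = "unauthorized host on the control VLAN (adjacent position)"
        else:
            reason = "source outside the control VLAN (segmentation not enforced)"
        findings.append((ts, str(src), reason))
    return findings
```

Run it against exported firewall or flow logs from the control segment; any finding in the first category is a host that could attempt the session injection the advisory describes, and any in the second means the perimeter rule is not in effect.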
CVEs (2)