AutomationDirect‘s DirectLogic H2-DM1E, a programmable logic controller (PLC), is no longer supported due to its age and inherent architectural limitations. Despite its discontinuation, the product has been found to contain critical vulnerabilities that could allow attackers to hijack authenticated sessions or bypass authentication altogether. The vulnerabilities, identified by researchers at Johns Hopkins Applied Physics Lab, include session fixation and authentication bypass, both of which are exploitable through adjacent network access. These vulnerabilities impact versions 2.8.0 and earlier of the H2-DM1E, with CVEs assigned as 2024-43099 and 2024-45368, each receiving high CVSS scores of 8.8.
In the session hijacking vulnerability, attackers could exploit the PLC’s application layer control mechanism by capturing session keys used to maintain secure connections between a host PC and the PLC. Once a session key is captured, attackers could inject traffic into an ongoing session, essentially taking over the communication. This attack requires spoofing the originating host’s IP and MAC addresses, which is typical of session hijacking attacks. Similarly, the PLC’s authentication protocol was found to have an anomaly where it accepted multiple valid responses for authentication, which is a deviation from standard security protocols.
Although no known exploits for these vulnerabilities have been reported, the risks remain significant due to their low complexity, meaning that attackers could leverage them with relatively little effort. The H2-DM1E is used in various critical infrastructure sectors, including manufacturing, dams, and food and agriculture, with global deployment. Given that this PLC is no longer supported by AutomationDirect, and its security flaws could not be addressed within the secure development lifecycle, the company has strongly recommended a transition to more secure and actively maintained systems.
To mitigate the risks posed by these vulnerabilities, AutomationDirect has provided several strategies. First, they recommend upgrading to the BRX platform, which meets current security standards and is actively maintained. Additionally, they advise implementing network segmentation and air gapping to isolate the older H2-DM1E technology from broader network environments, thereby minimizing exposure to potential threats. The company also suggests deploying a StrideLinx secure VPN platform to enhance network security and further protect against external attacks. These measures are intended to reduce the impact of security vulnerabilities and ensure a safer operational environment.
Reference:
