CVE-2022-2485

Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf	Patch Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05	Patch Third Party Advisory US Government Resource
https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf	Patch Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05	Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:automationdirect:sio-mb04rtds_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:sio-mb04rtds:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:automationdirect:sio-mb04ads_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:sio-mb04ads:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:automationdirect:sio-mb04thms_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:sio-mb04thms:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:automationdirect:sio-mb08ads-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:sio-mb08ads-1:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:automationdirect:sio-mb08ads-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:sio-mb08ads-2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:automationdirect:sio-mb08thms_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:sio-mb08thms:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:automationdirect:sio-mb04das_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:sio-mb04das:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:automationdirect:sio-mb12cdr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:sio-mb12cdr:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:automationdirect:sio-mb16cdd2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:sio-mb16cdd2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:automationdirect:sio-mb16nd3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:sio-mb16nd3:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:01

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 9.6
References	~~() https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf - Patch, Vendor Advisory~~	() https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf - Patch, Vendor Advisory
References	~~() https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05 - Patch, Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05 - Patch, Third Party Advisory, US Government Resource

Information

Published : 2022-08-31 16:15

Updated : 2024-11-21 07:01

NVD link : CVE-2022-2485

Mitre link : CVE-2022-2485

CVE.ORG link : CVE-2022-2485

JSON object : View

Products Affected

automationdirect

sio-mb16cdd2
sio-mb04das
sio-mb08thms_firmware
sio-mb04das_firmware
sio-mb08ads-2_firmware
sio-mb08ads-1
sio-mb04rtds_firmware
sio-mb04thms
sio-mb16nd3
sio-mb04thms_firmware
sio-mb16nd3_firmware
sio-mb12cdr
sio-mb04ads
sio-mb08thms
sio-mb12cdr_firmware
sio-mb04rtds
sio-mb08ads-1_firmware
sio-mb08ads-2
sio-mb04ads_firmware
sio-mb16cdd2_firmware

CWE

CWE-319

Cleartext Transmission of Sensitive Information

9.6 /10