CVE-2022-2485

Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb04rtds_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb04rtds:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb04ads_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb04ads:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb04thms_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb04thms:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb08ads-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb08ads-1:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb08ads-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb08ads-2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb08thms_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb08thms:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb04das_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb04das:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb12cdr_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb12cdr:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb16cdd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb16cdd2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb16nd3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb16nd3:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:01

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 9.6
References () https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf - Patch, Vendor Advisory () https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf - Patch, Vendor Advisory
References () https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05 - Patch, Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05 - Patch, Third Party Advisory, US Government Resource

06 Sep 2022, 22:08

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-31 16:15

Updated : 2024-11-21 07:01


NVD link : CVE-2022-2485

Mitre link : CVE-2022-2485

CVE.ORG link : CVE-2022-2485


JSON object : View

Products Affected

automationdirect

  • sio-mb16nd3
  • sio-mb04rtds_firmware
  • sio-mb08ads-2
  • sio-mb08ads-2_firmware
  • sio-mb16cdd2
  • sio-mb04thms
  • sio-mb04rtds
  • sio-mb12cdr
  • sio-mb08ads-1_firmware
  • sio-mb08thms
  • sio-mb04ads
  • sio-mb08thms_firmware
  • sio-mb04thms_firmware
  • sio-mb12cdr_firmware
  • sio-mb04ads_firmware
  • sio-mb08ads-1
  • sio-mb16cdd2_firmware
  • sio-mb16nd3_firmware
  • sio-mb04das_firmware
  • sio-mb04das
CWE
CWE-319

Cleartext Transmission of Sensitive Information