CVE-2022-2485

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-2485
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05 Patch Third Party Advisory US Government Resource
https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf Patch Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb04rtds_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb04rtds:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb04ads_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb04ads:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb04thms_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb04thms:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb08ads-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb08ads-1:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb08ads-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb08ads-2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb08thms_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb08thms:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb04das_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb04das:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb12cdr_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb12cdr:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb16cdd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb16cdd2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:automationdirect:sio-mb16nd3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:automationdirect:sio-mb16nd3:-:*:*:*:*:*:*:*
Information

Published : 2022-08-31 09:15

Updated : 2022-09-06 15:08

NVD link : CVE-2022-2485

Mitre link : CVE-2022-2485

JSON object : View

CWE
CWE-319

Cleartext Transmission of Sensitive Information

Advertisement

dedicated server usa
Products Affected

automationdirect

  • sio-mb04ads
  • sio-mb04das
  • sio-mb16nd3
  • sio-mb08ads-2
  • sio-mb08thms
  • sio-mb04ads_firmware
  • sio-mb08ads-1_firmware
  • sio-mb08ads-1
  • sio-mb16nd3_firmware
  • sio-mb08thms_firmware
  • sio-mb04rtds_firmware
  • sio-mb16cdd2_firmware
  • sio-mb04das_firmware
  • sio-mb12cdr
  • sio-mb04rtds
  • sio-mb04thms_firmware
  • sio-mb12cdr_firmware
  • sio-mb08ads-2_firmware
  • sio-mb16cdd2
  • sio-mb04thms