CVE-2022-2485
9.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AutomationDirect | SIO-MB04RTDS | unspecified < 8.3.4.0 | affected |
| AutomationDirect | SIO- MB04ADS | unspecified < 8.4.3.0 | affected |
| AutomationDirect | SIO-MB04THMS | unspecified < 8.5.4.0 | affected |
| AutomationDirect | SIO-MB08ADS-1 | unspecified < 8.6.3.0 | affected |
| AutomationDirect | SIO-MB08ADS-2 | unspecified < 8.7.3.0 | affected |
| AutomationDirect | SIO-MB08THMS | unspecified < 8.8.4.0 | affected |
| AutomationDirect | SIO-MB04DAS | unspecified < 8.11.3.0 | affected |
| AutomationDirect | SIO-MB12CDR | unspecified < 8.0.4.0 | affected |
| AutomationDirect | SIO-MB16CDD2 | unspecified < 8.1.4.0 | affected |
| AutomationDirect | SIO-MB16ND3 | unspecified < 8.2.4.00 | affected |
| AutomationDirect | SIO-MB12CDR | batch number (B/N) 5714442222 | affected |
| AutomationDirect | SIO-MB04ADS | B/N 5714442222 | affected |
| AutomationDirect | SIO-MB04THMS | B/N 57141862221 | affected |
| AutomationDirect | SIO-MB04DAS | B/N 4714432222 | affected |
Weaknesses
- CWE-319: CWE-319: Cleartext Transmission of Sensitive Information
Workarounds
AutomationDirect has identified the specific mitigation actions listed below:
Secure physical access. Isolate and air gap networks when possible. Follow the security considerations in the Automation Direct Security Considerations document. https://support.automationdirect.com/docs/securityconsiderations.pdf
ADP Enrichment
CVE Program Container
Additional References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05
- https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05
- https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.