Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-2485— AutomationDirect Stride Field I/O Cleartext Transmission of Sensitive Information

CVSS 9.6 · Critical EPSS 0.11% · P28
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-2485

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
AutomationDirect Stride Field I/O Cleartext Transmission of Sensitive Information
Source: NVD (National Vulnerability Database)
Vulnerability Description
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据的明文传输
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款AutomationDirect产品安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AutomationDirect C-more EA9 HMI等都是美国AutomationDirect公司的产品。AutomationDirect C-more EA9 HMI是一系列触摸屏面板。AutomationDirect DirectLOGIC是一种可编程逻辑控制器。AutomationDirect SIO-MB04RTDS是 AutomationDirect Stride Field I/O products 存在安全漏洞,该漏洞源于使用 Web 浏览器登录上述设备的任何尝试都可能导致设备在通
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AutomationDirectSIO-MB04RTDS unspecified ~ 8.3.4.0 -
AutomationDirectSIO- MB04ADS unspecified ~ 8.4.3.0 -
AutomationDirectSIO-MB04THMS unspecified ~ 8.5.4.0 -
AutomationDirectSIO-MB08ADS-1 unspecified ~ 8.6.3.0 -
AutomationDirectSIO-MB08ADS-2 unspecified ~ 8.7.3.0 -
AutomationDirectSIO-MB08THMS unspecified ~ 8.8.4.0 -
AutomationDirectSIO-MB04DAS unspecified ~ 8.11.3.0 -
AutomationDirectSIO-MB12CDR unspecified ~ 8.0.4.0 -
AutomationDirectSIO-MB16CDD2 unspecified ~ 8.1.4.0 -
AutomationDirectSIO-MB16ND3 unspecified ~ 8.2.4.00 -
AutomationDirectSIO-MB12CDR batch number (B/N) 5714442222 -
AutomationDirectSIO-MB04ADS B/N 5714442222 -
AutomationDirectSIO-MB04THMS B/N 57141862221 -
AutomationDirectSIO-MB04DAS B/N 4714432222 -

II. Public POCs for CVE-2022-2485

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-2485

登录查看更多情报信息。

Same Patch Batch · AutomationDirect · 2022-08-31 · 5 CVEs total

CVE-2022-20067.8 HIGHAutomationDirect C-more EA9 HMI Uncontrolled Search Path Element
CVE-2022-20037.7 HIGHAutomationDirect DirectLOGIC with Serial Communication Cleartext Transmission
CVE-2022-20047.5 HIGHAutomationDirect DirectLOGIC with Ethernet Communication Uncontrolled Resource Consumption
CVE-2022-20057.5 HIGHAutomationDirect C-more EA9 HMI Cleartext Transmission

IV. Related Vulnerabilities

Same vendor: AutomationDirect
Same weakness: CWE-319

V. Comments for CVE-2022-2485

No comments yet

Leave a comment