FKIE_CVE-2022-2485
Vulnerability from fkie_nvd - Published: 2022-08-31 16:15 - Updated: 2024-11-21 07:01
Severity ?
9.6 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf | Patch, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05 | Patch, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:sio-mb04rtds_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC3EEE4-16A2-41D0-915F-07E9FA32994E",
"versionEndExcluding": "8.3.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:sio-mb04rtds:-:*:*:*:*:*:*:*",
"matchCriteriaId": "953C9FD5-204C-4E9B-9A9D-153780092E09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:sio-mb04ads_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77E557CB-6319-4BEA-AA74-EA52B8D1359C",
"versionEndExcluding": "8.4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:sio-mb04ads:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53ACAE0F-927D-41EF-813D-F93EC3F50E0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:sio-mb04thms_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "564A4136-F57F-4663-AF67-414B199C03FB",
"versionEndExcluding": "8.5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:sio-mb04thms:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2A39C9-C81E-4E9D-A638-7FF1E9117F3C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:sio-mb08ads-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD33343-8098-4531-80CF-4A66149E7EA6",
"versionEndExcluding": "8.6.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:sio-mb08ads-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26B5E0AB-6D13-41E2-9AE2-DEFAD22CDDDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:sio-mb08ads-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5087BE1-FED7-48B9-A569-9D737A752E46",
"versionEndExcluding": "8.7.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:sio-mb08ads-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C472AE-7643-45DE-AFCA-E00532FBD94B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:sio-mb08thms_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE8CE7F-184E-4587-9F35-A68069396481",
"versionEndExcluding": "8.8.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:sio-mb08thms:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C88F4369-56A5-4E34-8741-1075C74C68BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:sio-mb04das_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC6A769-C283-49AD-B3AF-DAD187D71EE4",
"versionEndExcluding": "8.11.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:sio-mb04das:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51E6E25C-027C-4716-8856-76B54B83852F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:sio-mb12cdr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "954592AE-85CD-4257-955D-6E28F80D4D5C",
"versionEndExcluding": "8.0.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:sio-mb12cdr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF30646-87D0-4C7B-BC55-15D4280D8874",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:sio-mb16cdd2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6BE4B41-20DD-4FCF-9CA2-734F184BBD59",
"versionEndExcluding": "8.1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:sio-mb16cdd2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A04509AF-E4FA-4C79-9F6F-05EFE1F533C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:automationdirect:sio-mb16nd3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F67E368-EFAC-4A4F-8F82-A964B197CE83",
"versionEndExcluding": "8.2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:automationdirect:sio-mb16nd3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31CF0CA0-11C1-4349-9A65-0C707D6573B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets."
},
{
"lang": "es",
"value": "Cualquier intento (bueno o malo) de iniciar sesi\u00f3n en AutomationDirect Stride Field I/O con un navegador web puede hacer que el dispositivo responda con su contrase\u00f1a en los paquetes de comunicaci\u00f3n"
}
],
"id": "CVE-2022-2485",
"lastModified": "2024-11-21T07:01:05.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-31T16:15:10.993",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…