Lucene search
IcscertCVE-2022-2485HistoryAug 31, 2022 - 4:15 p.m.
CVE-2022-2485
2022-08-3116:15:10
CWE-319
icscert
web.nvd.nist.gov
31
6
cve-2022-2485
automationdirect
stride field i/o
password disclosure
web browser
security vulnerability
CVSS3
9.6
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
49.9%
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.
Affected configurations
Node
automationdirectsio-mb04rtdsMatch-
automationdirectsio-mb04rtds_firmwareRange<8.3.4.0
Node
automationdirectsio-mb04adsMatch-
automationdirectsio-mb04ads_firmwareRange<8.4.3.0
Node
automationdirectsio-mb04thmsMatch-
automationdirectsio-mb04thms_firmwareRange<8.5.4.0
Node
automationdirectsio-mb08ads-1Match-
automationdirectsio-mb08ads-1_firmwareRange<8.6.3.0
Node
automationdirectsio-mb08ads-2Match-
automationdirectsio-mb08ads-2_firmwareRange<8.7.3.0
Node
automationdirectsio-mb08thmsMatch-
automationdirectsio-mb08thms_firmwareRange<8.8.4.0
Node
automationdirectsio-mb04dasMatch-
automationdirectsio-mb04das_firmwareRange<8.11.3.0
Node
automationdirectsio-mb12cdrMatch-
automationdirectsio-mb12cdr_firmwareRange<8.0.4.0
Node
automationdirectsio-mb16cdd2_firmwareRange<8.1.4.0
automationdirectsio-mb16cdd2Match-
Node
automationdirectsio-mb16nd3_firmwareRange<8.2.4.0
automationdirectsio-mb16nd3Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| automationdirect | sio-mb04rtds | - | cpe:2.3:h:automationdirect:sio-mb04rtds:-:*:*:*:*:*:*:* |
| automationdirect | sio-mb04rtds_firmware | * | cpe:2.3:o:automationdirect:sio-mb04rtds_firmware:*:*:*:*:*:*:*:* |
| automationdirect | sio-mb04ads | - | cpe:2.3:h:automationdirect:sio-mb04ads:-:*:*:*:*:*:*:* |
| automationdirect | sio-mb04ads_firmware | * | cpe:2.3:o:automationdirect:sio-mb04ads_firmware:*:*:*:*:*:*:*:* |
| automationdirect | sio-mb04thms | - | cpe:2.3:h:automationdirect:sio-mb04thms:-:*:*:*:*:*:*:* |
| automationdirect | sio-mb04thms_firmware | * | cpe:2.3:o:automationdirect:sio-mb04thms_firmware:*:*:*:*:*:*:*:* |
| automationdirect | sio-mb08ads-1 | - | cpe:2.3:h:automationdirect:sio-mb08ads-1:-:*:*:*:*:*:*:* |
| automationdirect | sio-mb08ads-1_firmware | * | cpe:2.3:o:automationdirect:sio-mb08ads-1_firmware:*:*:*:*:*:*:*:* |
| automationdirect | sio-mb08ads-2 | - | cpe:2.3:h:automationdirect:sio-mb08ads-2:-:*:*:*:*:*:*:* |
| automationdirect | sio-mb08ads-2_firmware | * | cpe:2.3:o:automationdirect:sio-mb08ads-2_firmware:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "SIO-MB04RTDS",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "8.3.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "SIO- MB04ADS",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "8.4.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "SIO-MB04THMS",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "8.5.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "SIO-MB08ADS-1",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "8.6.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "SIO-MB08ADS-2",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "8.7.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "SIO-MB08THMS",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "8.8.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "SIO-MB04DAS",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "8.11.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "SIO-MB12CDR",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "8.0.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "SIO-MB16CDD2",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "8.1.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "SIO-MB16ND3",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "8.2.4.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "SIO-MB12CDR",
"vendor": "AutomationDirect",
"versions": [
{
"status": "affected",
"version": "batch number (B/N) 5714442222"
}
]
},
{
"product": "SIO-MB04ADS",
"vendor": "AutomationDirect",
"versions": [
{
"status": "affected",
"version": "B/N 5714442222"
}
]
},
{
"product": "SIO-MB04THMS",
"vendor": "AutomationDirect",
"versions": [
{
"status": "affected",
"version": "B/N 57141862221"
}
]
},
{
"product": "SIO-MB04DAS",
"vendor": "AutomationDirect",
"versions": [
{
"status": "affected",
"version": "B/N 4714432222"
}
]
}
]References
Social References
More
Related
nvd
nvd
CVE-2022-2485
2022-08-31 16:15:10
prion
prion
Default credentials
2022-08-31 16:15:00
ics
ics
AutomationDirect Stride Field I/O
2022-07-26 12:00:00
cvelist
cvelist
CVSS3
9.6
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
7.5
Confidence
High
EPSS
0.001
Percentile
49.9%
Related for CVE-2022-2485