CVE-2022-2485 - OpenCVE

Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Automationdirect	Sio-mb04ads Sio-mb04ads Firmware Sio-mb04das Sio-mb04das Firmware Sio-mb04rtds Sio-mb04rtds Firmware Sio-mb04thms Sio-mb04thms Firmware Sio-mb08ads-1 Sio-mb08ads-1 Firmware Sio-mb08ads-2 Sio-mb08ads-2 Firmware Sio-mb08thms Sio-mb08thms Firmware Sio-mb12cdr Sio-mb12cdr Firmware Sio-mb16cdd2 Sio-mb16cdd2 Firmware Sio-mb16nd3 Sio-mb16nd3 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:automationdirect:sio-mb04rtds:-:*:*:*:*:*:*:*

cpe:2.3:o:automationdirect:sio-mb04rtds_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:automationdirect:sio-mb04ads:-:*:*:*:*:*:*:*

cpe:2.3:o:automationdirect:sio-mb04ads_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:automationdirect:sio-mb04thms:-:*:*:*:*:*:*:*

cpe:2.3:o:automationdirect:sio-mb04thms_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:automationdirect:sio-mb08ads-1:-:*:*:*:*:*:*:*

cpe:2.3:o:automationdirect:sio-mb08ads-1_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:automationdirect:sio-mb08ads-2:-:*:*:*:*:*:*:*

cpe:2.3:o:automationdirect:sio-mb08ads-2_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:automationdirect:sio-mb08thms:-:*:*:*:*:*:*:*

cpe:2.3:o:automationdirect:sio-mb08thms_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:automationdirect:sio-mb04das:-:*:*:*:*:*:*:*

cpe:2.3:o:automationdirect:sio-mb04das_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:automationdirect:sio-mb12cdr:-:*:*:*:*:*:*:*

cpe:2.3:o:automationdirect:sio-mb12cdr_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:automationdirect:sio-mb16cdd2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:sio-mb16cdd2:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:automationdirect:sio-mb16nd3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:automationdirect:sio-mb16nd3:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf
https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-08-31T15:59:34

Updated: 2024-08-03T00:39:07.846Z

Reserved: 2022-07-19T00:00:00

Link: CVE-2022-2485

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-31T16:15:10.993

Modified: 2022-09-06T22:08:22.127

Link: CVE-2022-2485

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object