cve/2022/CVE-2022-2005.md

### [CVE-2022-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2005)
![](https://img.shields.io/static/v1?label=Product&message=C-more%20EA9&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=EA9-T6CL%3C%206.73%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-319%20Cleartext%20Transmission%20of%20Sensitive%20Information&color=brighgreen)

### Description

AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73;

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Live-Hack-CVE/CVE-2022-2005