{ "id": "CVE-2022-2485", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2022-08-31T16:15:10.993", "lastModified": "2022-09-06T22:08:22.127", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets." }, { "lang": "es", "value": "Cualquier intento (bueno o malo) de iniciar sesi\u00f3n en AutomationDirect Stride Field I/O con un navegador web puede hacer que el dispositivo responda con su contrase\u00f1a en los paquetes de comunicaci\u00f3n" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 2.8, "impactScore": 6.0 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-319" } ] }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-319" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:automationdirect:sio-mb04rtds:-:*:*:*:*:*:*:*", "matchCriteriaId": "953C9FD5-204C-4E9B-9A9D-153780092E09" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:automationdirect:sio-mb04rtds_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.3.4.0", "matchCriteriaId": "5EC3EEE4-16A2-41D0-915F-07E9FA32994E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:automationdirect:sio-mb04ads:-:*:*:*:*:*:*:*", "matchCriteriaId": "53ACAE0F-927D-41EF-813D-F93EC3F50E0F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:automationdirect:sio-mb04ads_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.4.3.0", "matchCriteriaId": "77E557CB-6319-4BEA-AA74-EA52B8D1359C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:automationdirect:sio-mb04thms:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB2A39C9-C81E-4E9D-A638-7FF1E9117F3C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:automationdirect:sio-mb04thms_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.5.4.0", "matchCriteriaId": "564A4136-F57F-4663-AF67-414B199C03FB" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:automationdirect:sio-mb08ads-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "26B5E0AB-6D13-41E2-9AE2-DEFAD22CDDDA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:automationdirect:sio-mb08ads-1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.6.3.0", "matchCriteriaId": "ADD33343-8098-4531-80CF-4A66149E7EA6" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:automationdirect:sio-mb08ads-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "92C472AE-7643-45DE-AFCA-E00532FBD94B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:automationdirect:sio-mb08ads-2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.7.3.0", "matchCriteriaId": "C5087BE1-FED7-48B9-A569-9D737A752E46" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:automationdirect:sio-mb08thms:-:*:*:*:*:*:*:*", "matchCriteriaId": "C88F4369-56A5-4E34-8741-1075C74C68BD" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:automationdirect:sio-mb08thms_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.8.4.0", "matchCriteriaId": "CBE8CE7F-184E-4587-9F35-A68069396481" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:automationdirect:sio-mb04das:-:*:*:*:*:*:*:*", "matchCriteriaId": "51E6E25C-027C-4716-8856-76B54B83852F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:automationdirect:sio-mb04das_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.11.3.0", "matchCriteriaId": "DFC6A769-C283-49AD-B3AF-DAD187D71EE4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:automationdirect:sio-mb12cdr:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBF30646-87D0-4C7B-BC55-15D4280D8874" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:automationdirect:sio-mb12cdr_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.0.4.0", "matchCriteriaId": "954592AE-85CD-4257-955D-6E28F80D4D5C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:automationdirect:sio-mb16cdd2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.1.4.0", "matchCriteriaId": "F6BE4B41-20DD-4FCF-9CA2-734F184BBD59" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:automationdirect:sio-mb16cdd2:-:*:*:*:*:*:*:*", "matchCriteriaId": "A04509AF-E4FA-4C79-9F6F-05EFE1F533C9" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:automationdirect:sio-mb16nd3_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.2.4.0", "matchCriteriaId": "6F67E368-EFAC-4A4F-8F82-A964B197CE83" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:automationdirect:sio-mb16nd3:-:*:*:*:*:*:*:*", "matchCriteriaId": "31CF0CA0-11C1-4349-9A65-0C707D6573B4" } ] } ] } ], "references": [ { "url": "https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf", "source": "ics-cert@hq.dhs.gov", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05", "source": "ics-cert@hq.dhs.gov", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ] } ] }