AutomationDirect Stride Field I/O Cleartext Transmission of Sensitive Information
CVE-2022-2485
9.6 CRITICAL
What is CVE-2022-2485?
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.
Affected Version(s)
SIO-MB04ADS < 8.4.3.0
SIO-MB04ADS B/N 5714442222
SIO-MB04DAS < 8.11.3.0
CVSS V3.1
Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Byron Chaney of Accenture Security reported this vulnerability to CISA.