CVE-2022-2485

Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.6 CRITICAL | ADJACENT_NETWORK | LOW | NONE | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| icscert | CNA | 9.6 CRITICAL | ADJACENT_NETWORK | LOW | NONE | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | --- | | | | --- |
EPSS Score percentile: 28%
| Vendor | Product | Version |
|---|---|---|
| automationdirect | sio-mb04rtds_firmware | 𝑥 < 8.3.4.0 |
| automationdirect | sio-mb04ads_firmware | 𝑥 < 8.4.3.0 |
| automationdirect | sio-mb04thms_firmware | 𝑥 < 8.5.4.0 |
| automationdirect | sio-mb08ads-1_firmware | 𝑥 < 8.6.3.0 |
| automationdirect | sio-mb08ads-2_firmware | 𝑥 < 8.7.3.0 |
| automationdirect | sio-mb08thms_firmware | 𝑥 < 8.8.4.0 |
| automationdirect | sio-mb04das_firmware | 𝑥 < 8.11.3.0 |
| automationdirect | sio-mb12cdr_firmware | 𝑥 < 8.0.4.0 |
| automationdirect | sio-mb16cdd2_firmware | 𝑥 < 8.1.4.0 |
| automationdirect | sio-mb16nd3_firmware | 𝑥 < 8.2.4.0 |

𝑥 = Vulnerable software versions