CVE-2022-2485 — CRITICAL (9.6)

Q: What is CVE-2022-2485?

CVE-2022-2485 is a vulnerability with a CVSS score of 9.6 (CRITICAL). Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.

Q: How severe is CVE-2022-2485?

CVE-2022-2485 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-2485?

Check the references section above for vendor advisories and patch information. Affected products include: Automationdirect Sio-Mb04Rtds Firmware, Automationdirect Sio-Mb04Rtds, Automationdirect Sio-Mb04Ads Firmware, Automationdirect Sio-Mb04Ads, Automationdirect Sio-Mb04Thms Firmware.

Vulnerability Description

Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.

CVSS Score

9.6

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Automationdirect	Sio-Mb04Rtds Firmware	< 8.3.4.0
Automationdirect	Sio-Mb04Rtds	-
Automationdirect	Sio-Mb04Ads Firmware	< 8.4.3.0
Automationdirect	Sio-Mb04Ads	-
Automationdirect	Sio-Mb04Thms Firmware	< 8.5.4.0
Automationdirect	Sio-Mb04Thms	-
Automationdirect	Sio-Mb08Ads-1 Firmware	< 8.6.3.0
Automationdirect	Sio-Mb08Ads-1	-
Automationdirect	Sio-Mb08Ads-2 Firmware	< 8.7.3.0
Automationdirect	Sio-Mb08Ads-2	-
Automationdirect	Sio-Mb08Thms Firmware	< 8.8.4.0
Automationdirect	Sio-Mb08Thms	-
Automationdirect	Sio-Mb04Das Firmware	< 8.11.3.0
Automationdirect	Sio-Mb04Das	-
Automationdirect	Sio-Mb12Cdr Firmware	< 8.0.4.0
Automationdirect	Sio-Mb12Cdr	-
Automationdirect	Sio-Mb16Cdd2 Firmware	< 8.1.4.0
Automationdirect	Sio-Mb16Cdd2	-
Automationdirect	Sio-Mb16Nd3 Firmware	< 8.2.4.0
Automationdirect	Sio-Mb16Nd3	-

Related Weaknesses (CWE)

CWE-319

References

https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdfPatchVendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05PatchThird Party AdvisoryUS Government Resource
https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdfPatchVendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05PatchThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2022-2485?

CVE-2022-2485 is a vulnerability with a CVSS score of 9.6 (CRITICAL). Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.

How severe is CVE-2022-2485?

CVE-2022-2485 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-2485?

Check the references section above for vendor advisories and patch information. Affected products include: Automationdirect Sio-Mb04Rtds Firmware, Automationdirect Sio-Mb04Rtds, Automationdirect Sio-Mb04Ads Firmware, Automationdirect Sio-Mb04Ads, Automationdirect Sio-Mb04Thms Firmware.