CVE-2022-2485
CRITICAL
AutomationDirect Stride Field I/O < 8.11.3.0 Cleartext Sensitive Info in Login Response
Title source: llm
Description
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.
References (2)
Core References
Patch, Third Party Advisory, US Government Resource x_refsource_confirm
https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-05
Patch, Vendor Advisory x_refsource_confirm
https://cdn.automationdirect.com/static/firmware/product_advisory/PA-COM-006.pdf
Scores
CVSS v3
9.6
EPSS
0.0043
EPSS Percentile
34.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-319
Status
published
Products (10)
automationdirect/sio-mb04ads_firmware < 8.4.3.0
automationdirect/sio-mb04das_firmware < 8.11.3.0
automationdirect/sio-mb04rtds_firmware < 8.3.4.0
automationdirect/sio-mb04thms_firmware < 8.5.4.0
automationdirect/sio-mb08ads-1_firmware < 8.6.3.0
automationdirect/sio-mb08ads-2_firmware < 8.7.3.0
automationdirect/sio-mb08thms_firmware < 8.8.4.0
automationdirect/sio-mb12cdr_firmware < 8.0.4.0
automationdirect/sio-mb16cdd2_firmware < 8.1.4.0
automationdirect/sio-mb16nd3_firmware < 8.2.4.0
Published
Aug 31, 2022
Tracked Since
Feb 18, 2026