CVE-2022-2005
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73;
Affected (12)
Products: Automationdirect: C More Ea9 T6cl Firmware, C More Ea9 T6cl R Firmware, C More Ea9 T7cl Firmware, C More Ea9 T7cl R Firmware, C More Ea9 T8cl Firmware, C More Ea9 T10cl Firmware, C More Ea9 T10wcl Firmware, C More Ea9 T12cl Firmware, C More Ea9 T15cl Firmware, C More Ea9 T15cl R Firmware, C More Ea9 Rhmi Firmware, C More Ea9 Pgmsw Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.73 |
| Running on/with | Platform Versions |
|---|---|
Automationdirect C More Ea9 T6cl | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.73 |
| Running on/with | Platform Versions |
|---|---|
Automationdirect C More Ea9 T6cl R | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.73 |
| Running on/with | Platform Versions |
|---|---|
Automationdirect C More Ea9 T7cl | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.73 |
| Running on/with | Platform Versions |
|---|---|
Automationdirect C More Ea9 T7cl R | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.73 |
| Running on/with | Platform Versions |
|---|---|
Automationdirect C More Ea9 T8cl | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.73 |
| Running on/with | Platform Versions |
|---|---|
Automationdirect C More Ea9 T10cl | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.73 |
| Running on/with | Platform Versions |
|---|---|
Automationdirect C More Ea9 T10wcl | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.73 |
| Running on/with | Platform Versions |
|---|---|
Automationdirect C More Ea9 T12cl | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.73 |
| Running on/with | Platform Versions |
|---|---|
Automationdirect C More Ea9 T15cl | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.73 |
| Running on/with | Platform Versions |
|---|---|
Automationdirect C More Ea9 T15cl R | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.73 |
| Running on/with | Platform Versions |
|---|---|
Automationdirect C More Ea9 Rhmi | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.73 |
| Running on/with | Platform Versions |
|---|---|
Automationdirect C More Ea9 Pgmsw | All versions |
References (2)
Source: ics-cert@hq.dhs.gov
PatchThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party AdvisoryUS Government Resource
Timeline
No history available yet.