273 matches found
PT-2024-2369 · Automationdirect · Automationdirect C-More Ea9 Hmi
Name of the Vulnerable Software and Affected Versions: AutomationDirect C-MORE EA9 HMI (affected versions not specified). Description: The issue is related to a function in the AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the...
AutomationDirect C-MORE EA9 HMI Security Vulnerability
The AutomationDirect C-MORE EA9 HMI is a touchscreen from AutomationDirect, Inc. A security vulnerability exists in the AutomationDirect C-MORE EA9 HMI that stems from the use of credentials stored in plain text on the device...
CISA Releases Eight Industrial Control Systems Advisories
CISA has released eight (8) Industrial Control Systems (ICS) advisories on September 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories...
CVE-2022-2005
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73;...
CVE-2022-2485
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets...
CVE-2022-2003
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC...
CVE-2022-2006
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to...
CVE-2022-2004
AutomationDirect DirectLOGIC is vulnerable to a specially crafted packet that can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to...
Design/Logic Flaw
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC...
Default credentials
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets...
Code injection
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73;...
Code injection
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to...
Design/Logic Flaw
AutomationDirect DirectLOGIC is vulnerable to a specially crafted packet that can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to...
CVE-2022-2485 AutomationDirect Stride Field I/O Cleartext Transmission of Sensitive Information
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets...
CVE-2022-2485
CVE-2022-2485 – AutomationDirect Stride Field I/O vulnerability affecting Stride Field I/O devices with listed SIO-MB04RTDS, SIO-MB04ADS, SIO-MB04THMS, SIO-MB08ADS-1/2, SIO-MB08THMS, SIO-MB04DAS, SIO-MB12CDR, SIO-MB16CDD2, SIO-MB16ND3 and related batch numbers. Root cause: cleartext transmission ...
CVE-2022-2003 AutomationDirect DirectLOGIC with Serial Communication Cleartext Transmission
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC...