CVE-2022-2005

原作者: [db:作者] 来自: [db:来源] 收藏邀请

Current Description

AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73;

View Analysis Description

Severity

CVSS 3.x Severity and Metrics:

CNA: ICS-CERT

Base Score: 7.5 HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.

Note: The NVD and the CNA have provided the same score. When this occurs only the CNA information is displayed, but the Acceptance Level icon for the CNA is given a checkmark to signify NVD concurrence.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Hyperlink	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-01	Patch Third Party Advisory US Government Resource

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-319	Cleartext Transmission of Sensitive Information	NIST ICS-CERT

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

1 change records found show changes

Initial Analysis 9/06/2022 7:49:20 PM

Action	Type	Old Value	New Value
Added	CPE Configuration		AND OR cpe:2.3:o:automationdirect:c-more_ea9-pgmsw_firmware::::::::* versions up to (excluding) 6.73 OR cpe:2.3:h:automationdirect:c-more_ea9-pgmsw:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:automationdirect:c-more_ea9-rhmi_firmware::::::::* versions up to (excluding) 6.73 OR cpe:2.3:h:automationdirect:c-more_ea9-rhmi:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:automationdirect:c-more_ea9-t10cl_firmware::::::::* versions up to (excluding) 6.73 OR cpe:2.3:h:automationdirect:c-more_ea9-t10cl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:automationdirect:c-more_ea9-t10wcl_firmware::::::::* versions up to (excluding) 6.73 OR cpe:2.3:h:automationdirect:c-more_ea9-t10wcl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:automationdirect:c-more_ea9-t12cl_firmware::::::::* versions up to (excluding) 6.73 OR cpe:2.3:h:automationdirect:c-more_ea9-t12cl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:automationdirect:c-more_ea9-t15cl-r_firmware::::::::* versions up to (excluding) 6.73 OR cpe:2.3:h:automationdirect:c-more_ea9-t15cl-r:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:automationdirect:c-more_ea9-t15cl_firmware::::::::* versions up to (excluding) 6.73 OR cpe:2.3:h:automationdirect:c-more_ea9-t15cl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:automationdirect:c-more_ea9-t6cl-r_firmware::::::::* versions up to (excluding) 6.73 OR cpe:2.3:h:automationdirect:c-more_ea9-t6cl-r:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:automationdirect:c-more_ea9-t6cl_firmware::::::::* versions up to (excluding) 6.73 OR cpe:2.3:h:automationdirect:c-more_ea9-t6cl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:automationdirect:c-more_ea9-t7cl-r_firmware::::::::* versions up to (excluding) 6.73 OR cpe:2.3:h:automationdirect:c-more_ea9-t7cl-r:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:automationdirect:c-more_ea9-t7cl_firmware::::::::* versions up to (excluding) 6.73 OR cpe:2.3:h:automationdirect:c-more_ea9-t7cl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:automationdirect:c-more_ea9-t8cl_firmware::::::::* versions up to (excluding) 6.73 OR cpe:2.3:h:automationdirect:c-more_ea9-t8cl:-:::::::*
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Added	CWE		NIST CWE-319
Changed	Reference Type	https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-01 No Types Assigned	https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-01 Patch, Third Party Advisory, US Government Resource

鲜花

握手

雷人

路过

鸡蛋

该文章已有0人参与评论

请发表评论

全部评论

专题导读

More+

09-23 CVE-2020-36276

09-18 CVE-2022-36676

09-18 CVE-2022-36674

09-18 CVE-2022-36672

09-18 CVE-2022-36671

09-18 CVE-2022-36675

09-18 CVE-2022-36449

09-18 CVE-2022-36130

09-18 CVE-2022-37130

09-18 CVE-2022-37129

09-18 CVE-2022-37123

09-18 CVE-2022-36619

09-18 CVE-2022-37125

09-18 CVE-2022-36051

09-18 CVE-2022-36620

09-18 CVE-2022-36203

09-18 CVE-2022-36202

09-18 CVE-2022-36201

09-18 CVE-2022-2898

09-18 CVE-2022-2897

09-18 CVE-2022-2896

09-18 CVE-2022-2894

09-18 CVE-2022-2895

09-18 CVE-2022-2892

09-18 CVE-2022-36582

09-18 CVE-2022-36581

09-18 CVE-2022-36580

09-18 CVE-2022-36571

09-18 CVE-2022-36570

09-18 CVE-2022-36569

CVE-2022-2043发布时间：2022-09-18

CVE-2022-2004发布时间：2022-09-18

剪的笔顺,诠释剪的笔画,认识剪的部首

1 六六分期app的软件客服如何联系？(六六分期

六六分期app的软件客服如何联系？不知道吗？加qq群【895510560】即可！标题：六六分期

阅读：18885|2023-10-27

2 可心卡盟:win10系统火狐flash插件崩溃怎么

今天小编告诉大家如何处理win10系统火狐flash插件总是崩溃的问题，可能很多用户都不知

阅读：9893|2022-11-06

3 亲亲特价:怎么删除回收站图标

今天小编告诉大家如何对win10系统删除桌面回收站图标进行设置，可能很多用户都不知道

阅读：8292|2022-11-06

4 济南大学虚拟社区:鲁大师节能降温的具体办

今天小编告诉大家如何对win10系统电脑设置节能降温的设置方法，想必大家都遇到过需要

阅读：8652|2022-11-06

5 xlueops.exe:无线网络安装向导

我们在使用xp系统的过程中,经常需要对xp系统无线网络安装向导设置进行设置，可能很多

阅读：8582|2022-11-06

6 女斗合众国:win7系统cf与主机连接不稳定怎

今天小编告诉大家如何处理win7系统玩cf老是与主机连接不稳定的问题，可能很多用户都不

阅读：9588|2022-11-06

7 0xc000022-[cf烟雾头]cf怎么调烟雾头

电脑对日常生活的重要性小编就不多说了，可是一旦碰到win7系统设置cf烟雾头的问题，很

阅读：8575|2022-11-06

8 qizideyouhuo:应用程序无法正常启动0xc0000

我们在日常使用电脑的时候，有的小伙伴们可能在打开应用的时候会遇见提示应用程序无法

阅读：7966|2022-11-06

9 ipz-185:win7系统vcf文件怎么打开

今天小编告诉大家如何对win7系统打开vcf文件进行设置，可能很多用户都不知道怎么对win

阅读：8583|2022-11-06

10 傻哥蹦迪:win10系统s4怎么打开usb调试

今天小编告诉大家如何对win10系统s4开启USB调试模式进行设置，可能很多用户都不知道怎

阅读：7505|2022-11-06

客服电话

电子邮件

CVE-2022-2005

Current Description

Analysis Description

Severity

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Initial Analysis 9/06/2022 7:49:20 PM

请发表评论

全部评论

上一篇：

下一篇：

matlab关于环境的配置

solegalli/feature-selection-for-machine-

tianli/matlab_offscreen: Matlab offscree

win7系统重装系统初始设置的操作方法

これがマストドンだ！使い方からインスタ

剪的笔顺,诠释剪的笔画,认识剪的部首

六六分期app的软件客服如何联系？(六六分期

florent37/ViewAnimator: A fluent Android

florent37/Shrine-MaterialDesign2: implem

CVE-2020-36276

SimpleSoftwareIO/simple-sms: Send and re

关于我们

产品与服务

解决方案

139-2527-9053

客服电话

电子邮件

CVE-2022-2005

Current Description

Analysis Description

Severity

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Initial Analysis 9/06/2022 7:49:20 PM

请发表评论

全部评论

上一篇：

下一篇：

matlab关于环境的配置

solegalli/feature-selection-for-machine-

tianli/matlab_offscreen: Matlab offscree

win7系统重装系统初始设置的操作方法

これがマストドンだ！ 使い方からインスタ

剪的笔顺,诠释剪的笔画,认识剪的部首

六六分期app的软件客服如何联系？(六六分期

florent37/ViewAnimator: A fluent Android

florent37/Shrine-MaterialDesign2: implem

CVE-2020-36276

SimpleSoftwareIO/simple-sms: Send and re

关于我们

产品与服务

解决方案

139-2527-9053

これがマストドンだ！使い方からインスタ