PT-2022-3487 · Automationdirect · C-More Ea9
Sam Hanson · Published 2022-06-16 · Updated 2022-09-06 · CVE-2022-2005
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
AutomationDirect C-more EA9 versions prior to 6.73
Description
The AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from the client to the web server. This may allow an attacker to obtain the login credentials and log in as a valid user. The vulnerability stems from the transmission of data in cleartext, which could allow a remote attacker to disclose protected information.
Recommendations
For versions prior to 6.73, update to version 6.73 or later to resolve the issue.
Fix
Cleartext Transmission of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
C-More Ea9