Vulnerabilities > Automationdirect
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-31 | CVE-2022-2003 | Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. | 9.1 |
2022-08-31 | CVE-2022-2004 | Resource Exhaustion vulnerability in Automationdirect products AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. | 7.5 |
2022-08-31 | CVE-2022-2005 | Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. | 7.5 |
2022-08-31 | CVE-2022-2006 | Uncontrolled Search Path Element vulnerability in Automationdirect products AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. | 7.8 |
2022-08-31 | CVE-2022-2485 | Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets. | 7.5 |
2022-04-04 | CVE-2021-32978 | Insufficiently Protected Credentials vulnerability in Automationdirect products The programming protocol allows for a previously entered password and lock state to be read by an attacker. | 7.5 |
2022-04-04 | CVE-2021-32980 | Improper Authentication vulnerability in Automationdirect products Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. | 9.8 |
2022-04-04 | CVE-2021-32982 | Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. | 7.5 |
2022-04-04 | CVE-2021-32984 | Improper Authentication vulnerability in Automationdirect products All programming connections receive the same unlocked privileges, which can result in a privilege escalation. | 9.8 |
2022-04-04 | CVE-2021-32986 | Incorrect Authorization vulnerability in Automationdirect products After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. | 9.8 |