Vulnerabilities > Automationdirect

DATE CVE VULNERABILITY TITLE RISK
2022-08-31 CVE-2022-2003 Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext.
network
low complexity
automationdirect CWE-319
critical
9.1
2022-08-31 CVE-2022-2004 Resource Exhaustion vulnerability in Automationdirect products
AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition.
network
low complexity
automationdirect CWE-400
7.5
2022-08-31 CVE-2022-2005 Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user.
network
low complexity
automationdirect CWE-319
7.5
2022-08-31 CVE-2022-2006 Uncontrolled Search Path Element vulnerability in Automationdirect products
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process.
local
low complexity
automationdirect CWE-427
7.8
2022-08-31 CVE-2022-2485 Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products
Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.
network
low complexity
automationdirect CWE-319
7.5
2022-04-04 CVE-2021-32978 Insufficiently Protected Credentials vulnerability in Automationdirect products
The programming protocol allows for a previously entered password and lock state to be read by an attacker.
network
low complexity
automationdirect CWE-522
7.5
2022-04-04 CVE-2021-32980 Improper Authentication vulnerability in Automationdirect products
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections.
network
low complexity
automationdirect CWE-287
critical
9.8
2022-04-04 CVE-2021-32982 Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers.
network
low complexity
automationdirect CWE-319
7.5
2022-04-04 CVE-2021-32984 Improper Authentication vulnerability in Automationdirect products
All programming connections receive the same unlocked privileges, which can result in a privilege escalation.
network
low complexity
automationdirect CWE-287
critical
9.8
2022-04-04 CVE-2021-32986 Incorrect Authorization vulnerability in Automationdirect products
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout.
network
low complexity
automationdirect CWE-863
critical
9.8