Vulnerabilities > Automationdirect > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-31 | CVE-2022-2004 | Unspecified vulnerability in Automationdirect products AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. | 7.5 |
| 2022-08-31 | CVE-2022-2005 | Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. | 7.5 |
| 2022-08-31 | CVE-2022-2006 | Unspecified vulnerability in Automationdirect products AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. | 7.8 |
| 2022-08-31 | CVE-2022-2485 | Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets. | 7.5 |
| 2022-04-04 | CVE-2021-32978 | Insufficiently Protected Credentials vulnerability in Automationdirect products The programming protocol allows for a previously entered password and lock state to be read by an attacker. | 7.5 |
| 2022-04-04 | CVE-2021-32982 | Cleartext Transmission of Sensitive Information vulnerability in Automationdirect products Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. | 7.5 |
| 2020-07-23 | CVE-2020-10922 | Improper Input Validation vulnerability in Automationdirect C-More HMI EA9 Firmware 6.52 This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. | 7.5 |
| 2020-07-23 | CVE-2020-10918 | Unspecified vulnerability in Automationdirect C-More HMI EA9 Firmware 6.52 This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. | 7.5 |
| 2017-11-13 | CVE-2017-14020 | Uncontrolled Search Path Element vulnerability in Automationdirect products In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer Software (Part Number DM-PGMSW) Versions 2.0.3 and prior; GS Drives Configuration Software (Part Number GSOFT) Versions 4.0.6 and prior; SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) Versions 1.1.0.5 and prior; and DirectSOFT Programming Software Versions 6.1 and prior, an uncontrolled search path element (DLL Hijacking) vulnerability has been identified. | 7.8 |