CVE-2022-2005

AutomationDirect C-more EA9 HMI Cleartext Transmission

Description

AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73;

Remediation

Solution:

AutomationDirect recommends users upgrade to firmware Version 6.73 or later, which supports TLS security options for the webserver. While automation networks and systems have built-in password protection schemes, this is only one step in securing the affected systems. Automation control system networks must incorporate data protection and security measures at least as robust as a typical business computer system. AutomationDirect recommends users of PLCs, HMI products, and other SCADA system products perform independent network security analysis to determine the proper level of security required for the application. AutomationDirect has identified the following mitigations for instances where systems cannot be upgraded to Version 6.73 or later: The Webserver feature can be disabled on the HMI using the programming software. Place the HMI panel behind a VPN: Access to and from critical control system assets in the modern environment is usually LAN based, but still should be considered remote if the operator is traversing across different networks. virtual private networking (VPN) is often considered the best approach in securing trans-network communication.

References

Link	Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-01	us government resource third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2022-2005?: CVE-2022-2005 has been scored as a high severity vulnerability.
How to fix CVE-2022-2005?: To fix CVE-2022-2005: AutomationDirect recommends users upgrade to firmware Version 6.73 or later, which supports TLS security options for the webserver. While automation networks and systems have built-in password protection schemes, this is only one step in securing the affected systems. Automation control system networks must incorporate data protection and security measures at least as robust as a typical business computer system. AutomationDirect recommends users of PLCs, HMI products, and other SCADA system products perform independent network security analysis to determine the proper level of security required for the application. AutomationDirect has identified the following mitigations for instances where systems cannot be upgraded to Version 6.73 or later: The Webserver feature can be disabled on the HMI using the programming software. Place the HMI panel behind a VPN: Access to and from critical control system assets in the modern environment is usually LAN based, but still should be considered remote if the operator is traversing across different networks. virtual private networking (VPN) is often considered the best approach in securing trans-network communication.
Is CVE-2022-2005 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-2005 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-2005?: CVE-2022-2005 affects AutomationDirect C-more EA9.

Description

Remediation

Category

CWE-319 – Cleartext Transmission of Sensitive Information

References

Frequently Asked Questions