VYPR
Unrated severity · NVD Advisory · Published Jul 23, 2020 · Updated Aug 4, 2024

CVE-2020-10919

Description

This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

C-MORE HMI EA9 firmware 6.52 transmits passwords using recoverable encryption, allowing unauthenticated remote attackers to disclose credentials.

Vulnerability

The vulnerability exists in C-MORE HMI EA9 touch screen panels running firmware version 6.52. When transmitting passwords, the device encrypts them using a recoverable format, meaning the encryption can be reversed to obtain the plaintext password. This flaw is present in the password handling mechanism. No authentication is required to trigger the vulnerable code path. [1]

Exploitation

An attacker can exploit this vulnerability remotely without any prior authentication. The attacker needs network access to the affected HMI panel. By capturing or intercepting the password transmission (e.g., during login or configuration), the attacker can obtain the encrypted password and then reverse the recoverable encryption to recover the plaintext credential. The specific steps involve monitoring network traffic for password exchanges and applying a decryption method to the recoverable format. [1]

Impact

Successful exploitation allows an attacker to disclose sensitive credentials, such as user passwords. This can lead to further compromise of the HMI system and potentially the industrial control environment. The confidentiality of credentials is breached, and the attacker may gain unauthorized access to the device or network. [1]

Mitigation

The ZDI advisory notes that a fix was planned but does not specify a fixed version or release date. As of the publication date (2020-07-23), no patch was publicly available. Users should contact the vendor for updated firmware. If no fix is available, network segmentation and strict access controls should be implemented to limit exposure. [1]

References
  1. ZDI-20-806

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
