VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 23, 2020· Updated Aug 4, 2024

CVE-2020-10921

CVE-2020-10921

Description

This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. Was ZDI-CAN-10482.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Remote unauthenticated attackers can execute commands on C-MORE HMI EA9 touch panels via missing authentication in EA-HTTP.exe.

Vulnerability

The vulnerability exists in the EA-HTTP.exe process of C-MORE HMI EA9 firmware version 6.52. The system allows alterations to system configuration without authentication, enabling remote attackers to issue arbitrary commands. Affected versions include firmware 6.52 and possibly earlier releases [1].

Exploitation

An attacker can exploit this vulnerability by sending crafted HTTP requests to the EA-HTTP service. No authentication is required, and the attacker only needs network access to the device. No user interaction or special privileges are needed [1].

Impact

Successful exploitation allows the attacker to issue commands to the physical equipment controlled by the HMI. This can lead to complete compromise of confidentiality, integrity, and availability (CVSS 9.8) [1].

Mitigation

As of the publication date, no official fix has been released by C-MORE. Mitigation strategies include restricting network access to the device and placing it behind a firewall. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. Users should monitor for firmware updates [1].

References
  1. ZDI-20-807

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • C-MORE/EA9llm-fuzzy
    Range: =6.52
  • C-MORE/HMI EA9v5
    Range: Firmware version 6.52

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.