VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 23, 2020· Updated Aug 4, 2024

CVE-2020-10922

CVE-2020-10922

Description

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of proper input validation prior to further processing user requests. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-10527.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

C-MORE HMI EA9 touch panels (firmware 6.52) suffer from a denial-of-service vulnerability in EA-HTTP.exe due to improper input validation, allowing remote unauthenticated attackers to crash the system.

Vulnerability

The vulnerability exists in the EA-HTTP.exe process of C-MORE HMI EA9 touch screen panels running firmware version 6.52. The issue is caused by improper input validation of user requests before processing, allowing an attacker to trigger a denial-of-service condition. [1]

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by sending specially crafted network requests to the affected device. No authentication or user interaction is required. The attacker can leverage this to cause the EA-HTTP.exe process to crash, resulting in a denial-of-service state. [1]

Impact

Successful exploitation leads to a denial-of-service condition, rendering the HMI panel unresponsive. This can disrupt industrial control operations relying on the touch screen interface. The impact is limited to availability (C:N/I:N/A:H). [1]

Mitigation

As of the publication date (2020-07-23), no fix has been announced by the vendor. Users should restrict network access to the device, isolate it from untrusted networks, and monitor for future firmware updates from C-MORE. [1]

References
  1. ZDI-20-809

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • C-MORE/EA9llm-create
    Range: =6.52
  • C-MORE/HMI EA9v5
    Range: Firmware version 6.52

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.