C-more EA9 HMI
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0960 | | Critical | 0.64 | 9.8 | 0.03 | | Feb 4, 2025 | AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device. |
| CVE-2024-25136 | | High | 0.49 | 7.5 | 0.00 | | Mar 26, 2024 | There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content. |
| CVE-2024-25138 | | Medium | 0.42 | 6.5 | 0.00 | | Mar 26, 2024 | In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device. |
| CVE-2024-25137 | | Medium | 0.28 | 4.3 | 0.00 | | Mar 26, 2024 | In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions. |
| CVE-2024-11611 | | | 0.00 | — | 0.01 | | Jan 30, 2025 | AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this… |
| CVE-2024-11610 | | | 0.00 | — | 0.01 | | Jan 30, 2025 | AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this… |
| CVE-2024-11609 | | | 0.00 | — | 0.02 | | Jan 30, 2025 | AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit… |
| CVE-2022-2006 | | | 0.00 | — | 0.00 | | Aug 31, 2022 | AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL… |
| CVE-2022-2005 | | | 0.00 | — | 0.00 | | Aug 31, 2022 | AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions… |