CVE-2024-25137
Published 2024-03-26
Priority P423 · medium · 4.3 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.45% (35.9th percentile)
In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| automationdirect | c-more_ea9_hmi_ea0-t7cl-r | <= 6.77 | — |
| automationdirect | c-more_ea9_hmi_ea9-pgmsw | <= 6.77 | — |
| automationdirect | c-more_ea9_hmi_ea9-rhmi | <= 6.77 | — |
| automationdirect | c-more_ea9_hmi_ea9-t10cl | <= 6.77 | — |
| automationdirect | c-more_ea9_hmi_ea9-t10wcl | <= 6.77 | — |
| automationdirect | c-more_ea9_hmi_ea9-t12cl | <= 6.77 | — |
| automationdirect | c-more_ea9_hmi_ea9-t15cl | <= 6.77 | — |
| automationdirect | c-more_ea9_hmi_ea9-t15cl-r | <= 6.77 | — |
| automationdirect | c-more_ea9_hmi_ea9-t6cl | <= 6.77 | — |
| automationdirect | c-more_ea9_hmi_ea9-t7cl | <= 6.77 | — |
| automationdirect | c-more_ea9_hmi_ea9-t8cl | <= 6.77 | — |
GHSA
GHSA-pr88-vhj7-4qvr
ghsa_unreviewed · 2024-03-27
CVE-2024-25137 [MEDIUM] CWE-121
In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions.
CISA ICS
cisa_ics · 2024-03-26 · CVSS 7.5 [HIGH]
ICS Advisory
## Automation-Direct C-MORE EA9 HMI
Release Date: March 26, 2024
Alert Code: ICSA-24-086-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: AutomationDirect
- Equipment: C-MORE EA9 HMI
- Vulnerabilities: Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a Password
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to exploit a remote device and inject malicious code on the panel.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of C-MORE EA9 HMI, a display system used for interfacing with controllers, are affected:
- C-MORE EA9 HMI EA9-T6CL: Version 6.77 and prior
- C-MORE EA9 HMI EA9-T7CL: Versi
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.