273 matches found
AutomationDirect C-More EA9 Programming Software Buffer Error Vulnerability
AutomationDirect C-More EA9 Programming Software is a programming software from AutomationDirect, Inc. AutomationDirect C-More EA9 Programming Software suffers from a buffer error vulnerability that stems from a lack of proper validation of user-supplied data when parsing an EAP9 file, resulting ...
AutomationDirect C-More EA9 Programming Software Security Vulnerability
AutomationDirect C-More EA9 Programming Software is a programming software from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect C-More EA9 Programming Software that stems from a lack of proper validation of the length of user-supplied data when parsing an EAP9 file,...
AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2024-45368 AutomationDirect DirectLogic H2-DM1E Session Fixation
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...
CVE-2024-43099 AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay
The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...
AutomationDirect DirectLogic H2-DM1E Authorization Issue Vulnerability
AutomationDirect DirectLogic H2-DM1E is a programmable logic controller from AutomationDirect. An authorization issue vulnerability exists in AutomationDirect DirectLogic H2-DM1E that stems from insecure authentication...
AutomationDirect DirectLogic H2-DM1E Security Vulnerability
AutomationDirect DirectLogic H2-DM1E is a programmable logic controller from AutomationDirect. A security vulnerability exists in AutomationDirect DirectLogic H2-DM1E version 2.8.0 and prior versions, which stems from the presence of a session hijacking attack that allows an attacker to inject...
AutomationDirect DirectLogic H2-DM1E
1. EXECUTIVE SUMMARY: CVSS v4 8.7. ATTENTION: Exploitable from an adjacent network/low attack complexity. Vendor: AutomationDirect. Equipment: DirectLogic H2-DM1E. Vulnerabilities: Session Fixation, Authentication Bypass by Capture-replay. 2. RISK EVALUATION: Successful exploitation of...
The vulnerability of the scanLib.bin library in the firmware for AutomationDirect P3-550E programmable logic controllers allows an intruder to execute arbitrary code or cause a service failure.
The vulnerability of the scanLib.bin library in the firmware for AutomationDirect P3-550E controllers is related to insufficient data authenticity checks. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...
The vulnerability of the Programming Software Connection component of AutomationDirect P3-550E allows an intruder to gain unauthorized access to protected information.
The vulnerability of the Programming Software Connection component of AutomationDirect P3-550E programmable logic controllers is related to lack of access control measures. Exploiting this vulnerability could allow an attacker to gain access to confidential information...
The vulnerability of the Software Connection Remote Memory Diagnostics component in the AutomationDirect P3-550E programmable logic controllers allows an intruder to execute arbitrary code or cause a service failure.
The vulnerability of the Software Connection Remote Memory Diagnostics component in the AutomationDirect P3-550E programmable logic controllers is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause a service failure...
The vulnerability of the firmware of AutomationDirect P3-550E, related to buffer overflow in the stack, allows a hacker to execute arbitrary code.
The vulnerability of the firmware in AutomationDirect P3-550E controllers is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the firmware for AutomationDirect P3-550E, related to the execution of operations outside the buffer boundaries in memory, allows an intruder to trigger a malfunction during maintenance.
The vulnerability of the firmware in AutomationDirect P3-550E controllers is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause malfunctions in the system...
The vulnerability of the firmware for AutomationDirect P3-550E lies in the possibility of writing beyond the buffer boundaries in memory, allowing an intruder to cause malfunctions during maintenance.
The vulnerability of the firmware in AutomationDirect P3-550E controllers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause malfunctions in the system remotely...
PT-2024-17135 · AutomationDirect · AutomationDirect C-More EA9 HMI
Name of the Vulnerable Software and Affected Versions: AutomationDirect C-More EA9 (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this issue...