Lucene search
K

71 matches found

NVD
NVD
added 2024/03/26 11:15 p.m.16 views

CVE-2024-25137

In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions...

4.3CVSS5.4AI score0.0045EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/26 11:1 p.m.11 views

CVE-2024-25138 AutomationDirect C-MORE EA9 HMI Plaintext Storage of a Password

In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device...

6.5CVSS6.7AI score0.00399EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/26 11:1 p.m.20 views

CVE-2024-25138 AutomationDirect C-MORE EA9 HMI Plaintext Storage of a Password

In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device...

6.5CVSS6.7AI score0.00399EPSS
Exploits0References1
CVE
CVE
added 2024/03/26 11:1 p.m.64 views

CVE-2024-25138

The CVE-2024-25138 entry affects AutomationDirect C-MORE EA9 HMI, where credentials are stored in plaintext on the device. The vulnerability stems from plaintext storage of passwords in the EA9 HMI platform, enabling exposure of authentication data. CISA/ICS advisory notes potential remote exploi...

6.5CVSS6.7AI score0.00399EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/26 10:58 p.m.15 views

CVE-2024-25137 AutomationDirect C-MORE EA9 HMI Stack-based Buffer Overflow

In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions...

4.3CVSS7.4AI score0.0045EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/26 10:58 p.m.16 views

CVE-2024-25137 AutomationDirect C-MORE EA9 HMI Stack-based Buffer Overflow

In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions...

4.3CVSS5.3AI score0.0045EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/26 10:53 p.m.9 views

CVE-2024-25136 AutomationDirect C-MORE EA9 HMI Path Traversal

There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content...

7.5CVSS6.8AI score0.00618EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/26 10:53 p.m.29 views

CVE-2024-25136 AutomationDirect C-MORE EA9 HMI Path Traversal

There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content...

7.5CVSS7.6AI score0.00618EPSS
Exploits0References1
CVE
CVE
added 2024/03/26 10:53 p.m.76 views

CVE-2024-25136

CVE-2024-25136 affects AutomationDirect C-MORE EA9 HMI. The vulnerability is a path traversal flaw where a function allows a relative URL path to be sent without proper sanitization, enabling remote exploitation with low attack complexity. Public sources (ICS advisory ICSA-24-086-01) state vulner...

7.5CVSS7.5AI score0.00618EPSS
Exploits0References1
ICS
ICS
added 2024/03/26 6:0 a.m.53 views

AutomationDirect C-MORE EA9 HMI

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : AutomationDirect Equipment : C-MORE EA9 HMI Vulnerabilities : Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these...

7.5CVSS6.9AI score0.00618EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/03/26 12:0 a.m.2 views

AutomationDirect C-MORE EA9 HMI 安全漏洞

The AutomationDirect C-MORE EA9 HMI is a touchscreen from AutomationDirect, Inc. A security vulnerability exists in the AutomationDirect C-MORE EA9 HMI that stems from the use of credentials stored in plain text on the device...

6.5CVSS6.6AI score0.00399EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.4 views

PT-2024-2369 · Automationdirect · Automationdirect C-More Ea9 Hmi

Name of the Vulnerable Software and Affected Versions: AutomationDirect C-MORE EA9 HMI affected versions not specified Description: The issue is related to a function in the AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the...

7.8CVSS6.5AI score0.00618EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.3 views

PT-2024-2711 · Automationdirect · C-More Ea9 Hmi

Name of the Vulnerable Software and Affected Versions: AutomationDirect C-MORE EA9 HMI affected versions not specified Description: The issue is related to the storage of critical information in plain text, which could allow an attacker to gain unauthorized access to protected information...

6.8CVSS6.6AI score0.00399EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/03/26 12:0 a.m.4 views

AutomationDirect C-MORE EA9 HMI 路径遍历漏洞

The AutomationDirect C-MORE EA9 HMI is a touchscreen from AutomationDirect, Inc. A path traversal vulnerability exists in the AutomationDirect C-MORE EA9 HMI that stems from not properly cleaning up content, allowing an attacker to perform path traversal over a URL...

7.5CVSS6.8AI score0.00618EPSS
Exploits0References2
NVD
NVD
added 2022/08/31 4:15 p.m.26 views

CVE-2022-2006

AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to...

7.8CVSS0.00337EPSS
Exploits0References1
NVD
NVD
added 2022/08/31 4:15 p.m.18 views

CVE-2022-2005

AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73;...

7.5CVSS0.00441EPSS
Exploits0References1
Prion
Prion
added 2022/08/31 4:15 p.m.17 views

Code injection

AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to...

4.4CVSS7.6AI score0.00337EPSS
Exploits0References1Affected Software12
Prion
Prion
added 2022/08/31 4:15 p.m.18 views

Code injection

AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73;...

5CVSS7.3AI score0.00441EPSS
Exploits0References1Affected Software12
Cvelist
Cvelist
added 2022/08/31 3:33 p.m.21 views

CVE-2022-2005 AutomationDirect C-more EA9 HMI Cleartext Transmission

AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73;...

7.5CVSS7.6AI score0.00441EPSS
Exploits0References1
CVE
CVE
added 2022/08/31 3:33 p.m.54 views

CVE-2022-2005

AutomationDirect C-more EA9 HMI contains a vulnerability in its HTTP webserver that transmits credentials in an insecure, cleartext-like mechanism. Affected products include EA9-T6CL/6CL-R, T7CL/7CL-R, T8CL, T10CL/T10WCL, T12CL, T15CL/T15CL-R, RHMI, PGMSW prior to firmware 6.73. Exploitation coul...

7.5CVSS7.4AI score0.00441EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder