71 matches found
CVE-2024-25137
In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions...
CVE-2024-25138 AutomationDirect C-MORE EA9 HMI Plaintext Storage of a Password
In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device...
CVE-2024-25138 AutomationDirect C-MORE EA9 HMI Plaintext Storage of a Password
In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device...
CVE-2024-25138
The CVE-2024-25138 entry affects AutomationDirect C-MORE EA9 HMI, where credentials are stored in plaintext on the device. The vulnerability stems from plaintext storage of passwords in the EA9 HMI platform, enabling exposure of authentication data. CISA/ICS advisory notes potential remote exploi...
CVE-2024-25137 AutomationDirect C-MORE EA9 HMI Stack-based Buffer Overflow
In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions...
CVE-2024-25137 AutomationDirect C-MORE EA9 HMI Stack-based Buffer Overflow
In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions...
CVE-2024-25136 AutomationDirect C-MORE EA9 HMI Path Traversal
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content...
CVE-2024-25136 AutomationDirect C-MORE EA9 HMI Path Traversal
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content...
CVE-2024-25136
CVE-2024-25136 affects AutomationDirect C-MORE EA9 HMI. The vulnerability is a path traversal flaw where a function allows a relative URL path to be sent without proper sanitization, enabling remote exploitation with low attack complexity. Public sources (ICS advisory ICSA-24-086-01) state vulner...
AutomationDirect C-MORE EA9 HMI
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : AutomationDirect Equipment : C-MORE EA9 HMI Vulnerabilities : Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these...
AutomationDirect C-MORE EA9 HMI 安全漏洞
The AutomationDirect C-MORE EA9 HMI is a touchscreen from AutomationDirect, Inc. A security vulnerability exists in the AutomationDirect C-MORE EA9 HMI that stems from the use of credentials stored in plain text on the device...
PT-2024-2369 · Automationdirect · Automationdirect C-More Ea9 Hmi
Name of the Vulnerable Software and Affected Versions: AutomationDirect C-MORE EA9 HMI affected versions not specified Description: The issue is related to a function in the AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the...
PT-2024-2711 · Automationdirect · C-More Ea9 Hmi
Name of the Vulnerable Software and Affected Versions: AutomationDirect C-MORE EA9 HMI affected versions not specified Description: The issue is related to the storage of critical information in plain text, which could allow an attacker to gain unauthorized access to protected information...
AutomationDirect C-MORE EA9 HMI 路径遍历漏洞
The AutomationDirect C-MORE EA9 HMI is a touchscreen from AutomationDirect, Inc. A path traversal vulnerability exists in the AutomationDirect C-MORE EA9 HMI that stems from not properly cleaning up content, allowing an attacker to perform path traversal over a URL...
CVE-2022-2006
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to...
CVE-2022-2005
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73;...
Code injection
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to...
Code injection
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73;...
CVE-2022-2005 AutomationDirect C-more EA9 HMI Cleartext Transmission
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73;...
CVE-2022-2005
AutomationDirect C-more EA9 HMI contains a vulnerability in its HTTP webserver that transmits credentials in an insecure, cleartext-like mechanism. Affected products include EA9-T6CL/6CL-R, T7CL/7CL-R, T8CL, T10CL/T10WCL, T12CL, T15CL/T15CL-R, RHMI, PGMSW prior to firmware 6.73. Exploitation coul...