← back
CVE-2024-25136

AutomationDirect C-MORE EA9 HMI Path Traversal

CVSS 7.5 HIGHEPSS 0.6%CWE-22
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
AutomationDirect · C-MORE EA9 HMI EA0-T7CL-RAutomationDirect · C-MORE EA9 HMI EA9-PGMSWAutomationDirect · C-MORE EA9 HMI EA9-RHMIAutomationDirect · C-MORE EA9 HMI EA9-T10CLAutomationDirect · C-MORE EA9 HMI EA9-T10WCLAutomationDirect · C-MORE EA9 HMI EA9-T12CLAutomationDirect · C-MORE EA9 HMI EA9-T15CLAutomationDirect · C-MORE EA9 HMI EA9-T15CL-RAutomationDirect · C-MORE EA9 HMI EA9-T6CLAutomationDirect · C-MORE EA9 HMI EA9-T7CLAutomationDirect · C-MORE EA9 HMI EA9-T8CL

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01