CVE-2024-25138

MEDIUM6.5JSON export Create alert

Description

In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

AutomationDirect / C-MORE EA9 HMI EA0-T7CL-R0 – 6.77
AutomationDirect / C-MORE EA9 HMI EA9-PGMSW0 – 6.77
AutomationDirect / C-more EA9 HMI EA9-RHMI0 – 6.77
AutomationDirect / C-more EA9 HMI EA9-T10CL0 – 6.77
AutomationDirect / C-more EA9 HMI EA9-T10WCL0 – 6.77
AutomationDirect / C-more EA9 HMI EA9-T12CL0 – 6.77
AutomationDirect / C-more EA9 HMI EA9-T15CL0 – 6.77
AutomationDirect / C-more EA9 HMI EA9-T15CL-R0 – 6.77
AutomationDirect / C-more EA9 HMI EA9-T6CL0 – 6.77
AutomationDirect / C-more EA9 HMI EA9-T7CL0 – 6.77
AutomationDirect / C-more EA9 HMI EA9-T8CL0 – 6.77

References

VENDOR_ADVISORYhttps://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01