CVE-2024-25136

Summary

There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.

Affected Software

VendorProductVersion RangeStatus
AutomationDirectC-MORE EA9 HMI EA9-T6CL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T7CL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA0-T7CL-R0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T8CL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T10CL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T10WCL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T12CL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T15CL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T15CL-R0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-RHMI0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-PGMSW0 <= 6.77affected

Weaknesses

  • CWE-22: CWE-22 Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References