CVE-2024-25137

Summary

In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions.

Affected Software

VendorProductVersion RangeStatus
AutomationDirectC-MORE EA9 HMI EA9-T6CL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T7CL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA0-T7CL-R0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T8CL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T10CL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T10WCL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T12CL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T15CL0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-T15CL-R0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-RHMI0 <= 6.77affected
AutomationDirectC-MORE EA9 HMI EA9-PGMSW0 <= 6.77affected

Weaknesses

  • CWE-121: CWE-121

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References