CVE-2025-0960
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AutomationDirect | C-more EA9 HMI EA9-T6CL | 0 <= v6.79 | affected |
| AutomationDirect | C-more EA9 HMI EA9-T7CL-R | 0 <= v6.79 | affected |
| AutomationDirect | C-more EA9 HMI EA9-T7CL | 0 <= v6.79 | affected |
| AutomationDirect | C-more EA9 HMI EA9-T8CL | 0 <= v6.79 | affected |
| AutomationDirect | C-more EA9 HMI EA9-T10CL | 0 <= v6.79 | affected |
| AutomationDirect | C-more EA9 HMI EA9-T10WCL | 0 <= v6.79 | affected |
| AutomationDirect | C-more EA9 HMI EA9-T12CL | 0 <= v6.79 | affected |
| AutomationDirect | C-more EA9 HMI EA9-T15CL-R | 0 <= v6.79 | affected |
| AutomationDirect | C-more EA9 HMI EA9-T15CL | 0 <= v6.79 | affected |
| AutomationDirect | C-more EA9 HMI EA9-RHMI | 0 <= v6.79 | affected |
Weaknesses
- CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Workarounds
If an immediate update is not feasible, AutomationDirect recommends considering the following interim steps until the programming software can be updated:
- Isolate the HMI Workstation: Disconnect the HMI from external networks (e.g., internet or corporate LAN) to limit exposure to external threats.
- Use dedicated, secure internal networks or air-gapped systems for communication with programmable devices.
- Control Access: Restrict physical and logical access to the HMI to authorized personnel only.
- Implement Whitelisting: Use application whitelisting to allow only pre-approved and trusted software to execute on the HMI. Block untrusted or unauthorized applications.
- Apply Endpoint Security Measures: Use antivirus or endpoint detection and response (EDR) tools to monitor for and mitigate threats. Ensure that host-based firewalls are properly configured to block unauthorized access.
- Monitor and Log Activity: Enable logging and monitoring of system activities to detect potential anomalies or unauthorized actions. Regularly review logs for suspicious activity.
- Use Secure Backup and Recovery: Regularly back up the workstation and its configurations to a secure location. Test recovery procedures to ensure minimal downtime in the event of an incident.
- Conduct Regular Risk Assessments: Continuously assess the risks posed by the outdated software and adjust mitigation measures as necessary.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-08
- https://community.automationdirect.com/s/cybersecurity/security-advisories
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.