CVE-2024-25136
- EPSS 0.22%
- Veröffentlicht 26.03.2024 23:15:46
- Zuletzt bearbeitet 21.11.2024 09:00:19
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.
CVE-2022-2005
- EPSS 0.11%
- Veröffentlicht 31.08.2022 16:15:10
- Zuletzt bearbeitet 21.11.2024 07:00:09
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-mo...
CVE-2022-2006
- EPSS 0.2%
- Veröffentlicht 31.08.2022 16:15:10
- Zuletzt bearbeitet 21.11.2024 07:00:09
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R vers...
- EPSS 0.45%
- Veröffentlicht 05.02.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 05:36:24
It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configuratio...