CVE-2024-25136

Claroty Security Advisory

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

There is a function in Automation-Direct C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.

AutomationDirect recommends that users update C-MORE EA9 HMI to V6.78

Affected versions:

  • C-MORE EA9 HMI EA9-T6CL: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T7CL: Version 6.77 and prior
  • C-MORE EA9 HMI EA0-T7CL-R: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T8CL: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T10CL: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T10WCL: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T12CL: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T15CL: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T15CL-R: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-RHMI: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-PGMSW: Version 6.77 and prior

READ MORE