CVE-2024-25138

Claroty Security Advisory

CWE-256: Plaintext Storage of a Password

In Automation-Direct C-MORE EA9 HMI credentials used by the platform are stored as plain text on the device.

AutomationDirect recommends that users update C-MORE EA9 HMI to V6.78

Affected versions:

  • C-MORE EA9 HMI EA9-T6CL: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T7CL: Version 6.77 and prior
  • C-MORE EA9 HMI EA0-T7CL-R: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T8CL: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T10CL: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T10WCL: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T12CL: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T15CL: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-T15CL-R: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-RHMI: Version 6.77 and prior
  • C-MORE EA9 HMI EA9-PGMSW: Version 6.77 and prior

READ MORE