CVE-2024-25136

AutomationDirect C-MORE EA9 HMI Path Traversal

Description

There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.

Remediation

Solution:

AutomationDirect recommends that users update C-MORE EA9 HMI to V6.78 https://www.automationdirect.com/support/software-downloads .

References

Link	Tags
https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01	government resource

Frequently Asked Questions

What is the severity of CVE-2024-25136?: CVE-2024-25136 has been scored as a high severity vulnerability.
How to fix CVE-2024-25136?: To fix CVE-2024-25136: AutomationDirect recommends that users update C-MORE EA9 HMI to V6.78 https://www.automationdirect.com/support/software-downloads .
Is CVE-2024-25136 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-25136 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-25136?: CVE-2024-25136 affects AutomationDirect C-MORE EA9 HMI EA9-T6CL, AutomationDirect C-MORE EA9 HMI EA9-T7CL, AutomationDirect C-MORE EA9 HMI EA0-T7CL-R, AutomationDirect C-MORE EA9 HMI EA9-T8CL, AutomationDirect C-MORE EA9 HMI EA9-T10CL, AutomationDirect C-MORE EA9 HMI EA9-T10WCL, AutomationDirect C-MORE EA9 HMI EA9-T12CL, AutomationDirect C-MORE EA9 HMI EA9-T15CL, AutomationDirect C-MORE EA9 HMI EA9-T15CL-R, AutomationDirect C-MORE EA9 HMI EA9-RHMI, AutomationDirect C-MORE EA9 HMI EA9-PGMSW.

Description

Remediation

Category

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions