The AutomationDirect C-MORE EA9 HMI is affected by critical vulnerabilities, including path traversal, a stack-based buffer overflow, and plaintext storage of passwords, which enable attackers to exploit remote devices and compromise system integrity. Affected models such as EA9-T8CL and EA9-RHMI are at risk and need immediate attention; AutomationDirect recommends updating to V6.78.
These vulnerabilities, tracked as CVE-2024-25136, CVE-2024-25137, and CVE-2024-25138, have associated CVSS scores that reflect their severity and potential impact on system security. The product is deployed worldwide across sectors such as Critical Manufacturing and Energy. The defensive measures CISA advises include network isolation, firewall protection, and secure remote access methods such as VPNs.
CISA also calls for impact analysis, risk assessment, and adherence to cybersecurity best practices, underlining the importance of hardening Industrial Control Systems (ICS) against evolving cyber threats. Although no public exploitation has been reported, organizations are urged to stay vigilant, follow incident reporting procedures, and apply the available mitigations to protect critical assets.