Stack-based Buffer Overflow in AutomationDirect C-More EA9 File Parsing
CVE-2024-11609
Currently unrated
What is CVE-2024-11609?
A vulnerability in the EAP9 file parsing of AutomationDirect's C-More EA9 allows remote attackers to execute arbitrary code. The flaw results from insufficient validation of the length of user-supplied data before it is copied into a fixed-length stack-based buffer. Exploitation requires user interaction: an attacker must trick the user into visiting a malicious webpage or opening a compromised file, which could lead to unauthorized code execution in the context of the affected process.
Affected Version(s)
C-More EA9 6.78
Timeline
Vulnerability published
Vulnerability Reserved