Remote Code Execution Vulnerability in AutomationDirect C-More EA9
CVE-2024-11611

Currently unrated

Key Information:

Vendor: Automationdirect
Status: C-more Ea9
Vendor: CVE Published:; 30 January 2025

What is CVE-2024-11611?

A remote code execution vulnerability exists in the AutomationDirect C-More EA9 EAP9 product due to improper validation of user-supplied data during the parsing of EAP9 files. This flaw could allow a remote attacker to execute arbitrary code on affected installations. The exploitation of this weakness requires user interaction, as the victim must open a compromised file or visit a malicious webpage. Proper security measures and updates should be applied considering the ramifications of this issue to ensure that systems remain secure.

Affected Version(s)

C-More EA9 6.78

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1675/

x_research-advisory

https://certvde.com/en/bulletins/bulletins/2182-automatio...

vendor-advisory

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Nov 21, 2024

Automationdirect

What is CVE-2024-11611?

Affected Version(s)

References

Timeline