Stack-Based Buffer Overflow Vulnerability in AutomationDirect C-MORE EA9 HMI Could Lead to Denial-of-Service Conditions
CVE-2024-25137

4.3MEDIUM

Key Information:

Vendor: Automationdirect
Status: C-more Ea9 Hmi Ea9-t6cl; C-more Ea9 Hmi Ea9-t7cl; C-more Ea9 Hmi Ea0-t7cl-r; C-more Ea9 Hmi Ea9-t8cl
Vendor: CVE Published:; 26 March 2024

What is CVE-2024-25137?

In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions.

Affected Version(s)

C-MORE EA9 HMI EA0-T7CL-R 0 <= 6.77

C-MORE EA9 HMI EA9-PGMSW 0 <= 6.77

C-MORE EA9 HMI EA9-RHMI 0 <= 6.77

References

https://https://www.cisa.gov/news-events/ics-advisories/i...

government-resource

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Feb 5, 2024

Credit

Tomer Goldschmidt of Claroty Research - Team82 reported these vulnerabilities to CISA.

Automationdirect

What is CVE-2024-25137?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit