Plain Text Credential Storage Vulnerability in AutomationDirect C-MORE EA9 HMI
CVE-2024-25138

Currently unrated

Key Information:

Vendor: AutomationDirect
Vendor: CVE Published:; 26 March 2024

What is CVE-2024-25138?

The AutomationDirect C-MORE EA9 HMI contains a vulnerability where sensitive credentials are stored in plain text directly on the device. This raises significant security concerns as it potentially allows unauthorized access to the device if compromised. Users and organizations utilizing this product should be aware of the risks associated with such insecure storage practices and take necessary precautions to secure their environments.

References

https://https://www.cisa.gov/news-events/ics-advisories/i...

Timeline

Vulnerability published
Mar 26, 2024