Denial-of-Service Risk in AutomationDirect C-more EA9 HMI
CVE-2025-0960
9.3 CRITICAL
What is CVE-2025-0960?
The C-more EA9 HMI by AutomationDirect contains a function that lacks sufficient bounds checks. An attacker can exploit this vulnerability to either induce a denial-of-service condition or achieve remote code execution on the affected HMI devices. Either outcome can significantly impact operational integrity and security, making immediate awareness and remediation critical.
Affected Version(s)
C-more EA9 HMI EA9-RHMI 0
C-more EA9 HMI EA9-T10CL 0
C-more EA9 HMI EA9-T10WCL 0
CVSS V4
Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA.