
CVE-2025-0960 – AutomationDirect C-more EA9 HMI Classic Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-0960
04 Feb 2025 — AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device. • https://community.automationdirect.com/s/cybersecurity/security-advisories • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-11609 – AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11609
11 Dec 2024 — AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EAP9 files. The issue results from the lack of proper validation of the length of user-supplied... • https://certvde.com/en/bulletins/bulletins/2182-automationdirect-c-more-ea9-programming-software • CWE-121: Stack-based Buffer Overflow

CVE-2024-11610 – AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11610
11 Dec 2024 — AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EAP9 files. The issue results from the lack of proper validation of user-supplied data, which can result ... • https://certvde.com/en/bulletins/bulletins/2182-automationdirect-c-more-ea9-programming-software • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2024-11611 – AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11611
11 Dec 2024 — AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EAP9 files. The issue results from the lack of proper validation of user-supplied data, which can result ... • https://certvde.com/en/bulletins/bulletins/2182-automationdirect-c-more-ea9-programming-software • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2024-45368 – AutomationDirect DirectLogic H2-DM1E Session Fixation
https://notcve.org/view.php?id=CVE-2024-45368
13 Sep 2024 — The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behavior deviates from standard security practices where a single, specific response or encoding pattern is expected for successful authentication. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-17 • CWE-384: Session Fixation

CVE-2024-43099 – AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay
https://notcve.org/view.php?id=CVE-2024-43099
13 Sep 2024 — The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into an ongoing authenticated session. To successfully achieve this, the attacker also needs to spoof both the IP address and MAC address of the originating host, which is typical of a session-based attack. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-17 • CWE-294: Authentication Bypass by Capture-replay

CVE-2024-24851
https://notcve.org/view.php?id=CVE-2024-24851
28 May 2024 — A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability. • https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003y1F2AQ/sa00025 • CWE-805: Buffer Access with Incorrect Length Value

CVE-2024-24947
https://notcve.org/view.php?id=CVE-2024-24947
28 May 2024 — A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. This CVE tracks the heap corruption that occurs at offset `0xb68c4` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any traili... • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1937 • CWE-787: Out-of-bounds Write

CVE-2024-24946
https://notcve.org/view.php?id=CVE-2024-24946
28 May 2024 — A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability. This CVE tracks the heap corruption that occurs at offset `0xb686c` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any traili... • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1937 • CWE-787: Out-of-bounds Write

CVE-2024-24959
https://notcve.org/view.php?id=CVE-2024-24959
28 May 2024 — Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities. This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6c18`. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1938 • CWE-787: Out-of-bounds Write