Vulnerabilities > Automationdirect
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-23 | CVE-2020-10922 | Improper Input Validation vulnerability in Automationdirect C-More HMI EA9 Firmware 6.52 This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. | 7.5 |
| 2020-07-23 | CVE-2020-10921 | Missing Authentication for Critical Function vulnerability in Automationdirect C-More HMI EA9 Firmware 6.52 This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. | 9.8 |
| 2020-07-23 | CVE-2020-10920 | Missing Authentication for Critical Function vulnerability in Automationdirect C-More HMI EA9 Firmware 6.52 This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. | 9.8 |
| 2020-07-23 | CVE-2020-10919 | Inadequate Encryption Strength vulnerability in Automationdirect C-More HMI EA9 Firmware 6.52 This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. | 5.9 |
| 2020-07-23 | CVE-2020-10918 | Improper Authentication vulnerability in Automationdirect C-More HMI EA9 Firmware 6.52 This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. | 7.5 |
| 2020-02-05 | CVE-2020-6969 | Insufficiently Protected Credentials vulnerability in Automationdirect products It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations. | 9.8 |
| 2017-11-13 | CVE-2017-14020 | Uncontrolled Search Path Element vulnerability in Automationdirect products In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer Software (Part Number DM-PGMSW) Versions 2.0.3 and prior; GS Drives Configuration Software (Part Number GSOFT) Versions 4.0.6 and prior; SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) Versions 1.1.0.5 and prior; and DirectSOFT Programming Software Versions 6.1 and prior, an uncontrolled search path element (DLL Hijacking) vulnerability has been identified. | 7.8 |