ICSA-22-167-01  ·  Published 2022-06-16  ·  View on CISA ICS-CERT ↗

AutomationDirect C-More EA9 HMI

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could cause a loss of sensitive information and allow code execution with elevated privileges.

Remediations

  • AutomationDirect recommends users upgrade to firmware Version 6.73 or later, which supports TLS security options for the webserver.
  • While automation networks and systems have built-in password protection schemes, this is only one step in securing the affected systems. Automation control system networks must incorporate data protection and security measures at least as robust as those of a typical business computer system. AutomationDirect recommends that users of PLCs, HMI products, and other SCADA system products perform an independent network security analysis to determine the level of security their application requires.
  • The Webserver feature can be disabled on the HMI using the programming software.
  • Place the HMI panel behind a VPN. Access to and from critical control system assets is usually LAN based, but it should still be treated as remote whenever the operator traverses different networks. Virtual private networking (VPN) is often considered the best approach to securing such trans-network communication.
  • Please refer to the following link for supporting information related to security considerations.
  • For additional information, please refer to AutomationDirect Product Advisory.

Affected Vendors

Automation Direct

Affected Products (12)

Automation Direct · C-more EA9 EA9-T15CL <6.73
Automation Direct · C-more EA9 EA9-T15CL-R <6.73
Automation Direct · C-more EA9 EA9-RHMI <6.73
Automation Direct · C-more EA9 EA9-PGMSW <6.73
Automation Direct · C-more EA9 EA9-T6CL <6.73
Automation Direct · C-more EA9 EA9-T6CL-R <6.73
Automation Direct · C-more EA9 EA9-T7CL <6.73
Automation Direct · C-more EA9 EA9-T7CL-R <6.73
Automation Direct · C-more EA9 EA9-T8CL <6.73
Automation Direct · C-more EA9 EA9-T10CL <6.73
Automation Direct · C-more EA9 EA9-T10WCL <6.73
Automation Direct · C-more EA9 EA9-T12CL <6.73
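The practical use of the product list above is to cross-check it against an asset inventory so that every EA9 unit below the fixed firmware gets scheduled for the 6.73 upgrade named in the remediations. The script below is an added example, not code from CISA, AutomationDirect or this site; the inventory rows are constructed for illustration, and the version strings "6.100" and "6.6" are hypothetical values chosen only to show why firmware versions must be compared component by component rather than as strings or floats.

```python
"""Cross-check an HMI asset inventory against the ICSA-22-167-01 product list.

Added example for this advisory page; the inventory rows below are constructed,
not real assets.
"""

import csv
import io
import re

# Every model the advisory lists is affected at firmware versions earlier than
# 6.73, the version the vendor names as the fix.
FIXED_VERSION = "6.73"
AFFECTED_MODELS = {
    "EA9-T15CL", "EA9-T15CL-R", "EA9-RHMI", "EA9-PGMSW",
    "EA9-T6CL", "EA9-T6CL-R", "EA9-T7CL", "EA9-T7CL-R",
    "EA9-T8CL", "EA9-T10CL", "EA9-T10WCL", "EA9-T12CL",
}


def parse_version(text):
    """Split a dotted version string into a tuple of integer components.

    Comparing tuples gives the ordering a version scheme intends: as strings,
    "6.100" < "6.73" is True (a false positive for a newer release), and as
    floats 6.7 == 6.70 while 6.100 == 6.1 (a false positive the other way).
    """
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(model, version):
    """True when the model is in the advisory list and its firmware predates 6.73."""
    model = model.strip().upper()
    if model not in AFFECTED_MODELS:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


def find_vulnerable(inventory_csv):
    """Return [(asset, model, firmware)] for every row that still needs the upgrade."""
    hits = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if is_vulnerable(row["model"], row["firmware"]):
            hits.append((row["asset"], row["model"], row["firmware"]))
    return hits


# Constructed sample inventory; asset names and firmware values are made up.
SAMPLE_INVENTORY = """asset,model,firmware
hmi-line1,EA9-T10CL,6.52
hmi-line2,EA9-T10CL,6.73
hmi-line3,EA9-T15CL-R,6.100
hmi-line4,EA9-T7CL,6.74
pkg-station,EA9-T6CL-R,6.71
eng-laptop,EA9-PGMSW,6.73
spare-panel,EA9-T12CL,6.6
"""

if __name__ == "__main__":
    for asset, model, firmware in find_vulnerable(SAMPLE_INVENTORY):
        print(f"{asset}: {model} firmware {firmware} is below {FIXED_VERSION}; upgrade required")
```

On the sample data the three rows reported are hmi-line1, pkg-station and spare-panel. Note that EA9-PGMSW is the programming software rather than a panel, so an inventory should track it on engineering workstations as well as on the HMIs themselves.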

Affected Sectors

Multiple Sectors
