ICSA-24-340-01  ·  Published 2024-12-05  ·  View on CISA ICS-CERT

AutomationDirect C-More EA9 Programming Software

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could result in memory corruption; a buffer overflow condition may allow remote code execution.

Remediations

  • To resolve these vulnerabilities AutomationDirect recommends that users update C-MORE EA9 HMI to V6.79.
  • If an immediate update is not feasible, AutomationDirect recommends considering the following interim steps until the programming software can be updated:
      • Disconnect the workstation from external networks (e.g., internet or corporate LAN) to limit exposure to external threats.
      • Use dedicated, secure internal networks or air-gapped systems for communication with programmable devices.
      • Restrict physical and logical access to the workstation to authorized personnel only.
      • Implement multi-factor authentication (MFA) and robust password policies for user accounts.
      • Use application whitelisting to allow only pre-approved and trusted software to execute on the workstation.
      • Block untrusted or unauthorized applications.
      • Use antivirus or endpoint detection and response (EDR) tools to monitor for and mitigate threats.
      • Ensure that host-based firewalls are properly configured to block unauthorized access.
      • Enable logging and monitoring of system activities to detect potential anomalies or unauthorized actions.
      • Regularly review logs for suspicious activity.
      • Remove or disable unnecessary services and software to reduce the attack surface.
      • Implement security configurations, such as disabling autorun for USB drives or restricting administrative privileges.
      • Regularly back up the workstation and its configurations to a secure location.
      • Test recovery procedures to ensure minimal downtime in the event of an incident.
      • Continuously assess the risks posed by the outdated software and adjust mitigation measures as necessary.
  • For more information, please see the AutomationDirect security advisory.

Affected Vendors

AutomationDirect

Affected Products (1)

AutomationDirect · C-More EA9 Programming Software <=6.78

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy, Water and Wastewater
