CVE-2020-10922

Published Jul 23, 2020

Last updated 4 years ago

CVSS high 7.5

Overview

Description: This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of proper input validation prior to further processing user requests. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-10527.
Source: zdi-disclosures@trendmicro.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20
zdi-disclosures@trendmicro.com: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:automationdirect:c-more_hmi_ea9_firmware:6.52:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1C98599-C96A-4EEE-BC82-A6F01398E077"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:automationdirect:ea9-pgmsw:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "656B3283-FA47-4CCF-A124-FBAEC86BB7A7"
          },
          {
            "criteria": "cpe:2.3:h:automationdirect:ea9-rhmi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DD7D15B5-FC1D-4B0E-85CC-CEF3A68C2BA4"
          },
          {
            "criteria": "cpe:2.3:h:automationdirect:ea9-t10cl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "584FBF19-4AFB-425F-9A78-A450C8EF4D74"
          },
          {
            "criteria": "cpe:2.3:h:automationdirect:ea9-t10wcl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F79F5A11-21E8-4126-8333-1DEAFD91100E"
          },
          {
            "criteria": "cpe:2.3:h:automationdirect:ea9-t12cl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8F3BC5B7-55B3-41FC-959F-745171FD6AB8"
          },
          {
            "criteria": "cpe:2.3:h:automationdirect:ea9-t15cl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "63E6454D-E722-45DA-8AD7-4469DA515B62"
          },
          {
            "criteria": "cpe:2.3:h:automationdirect:ea9-t15cl-r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8B271A9F-5E71-4C03-8A78-84398183903C"
          },
          {
            "criteria": "cpe:2.3:h:automationdirect:ea9-t6cl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "43E2E05B-41C9-4BE6-9344-2A78C3CE0B11"
          },
          {
            "criteria": "cpe:2.3:h:automationdirect:ea9-t6cl-r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EF5C6D94-BFA6-48FF-9776-FA7C91ABE1CD"
          },
          {
            "criteria": "cpe:2.3:h:automationdirect:ea9-t7cl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ABC8D7A3-A3CD-4C6F-8256-FD91927C1CE4"
          },
          {
            "criteria": "cpe:2.3:h:automationdirect:ea9-t7cl-r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1BE509D4-C93C-4A7F-B5C9-892073640916"
          },
          {
            "criteria": "cpe:2.3:h:automationdirect:ea9-t8cl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "66885733-FD7F-4BAB-9F41-1823372FBA6D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References