This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format using a hard-coded key. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185.
References
Link | Resource |
---|---|
https://www.zerodayinitiative.com/advisories/ZDI-20-806/ | Third Party Advisory VDB Entry |
https://www.zerodayinitiative.com/advisories/ZDI-20-806/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 04:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.zerodayinitiative.com/advisories/ZDI-20-806/ - Third Party Advisory, VDB Entry |
25 Apr 2022, 17:39
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-798 |
Information
Published : 2020-07-23 16:15
Updated : 2024-11-21 04:56
NVD link : CVE-2020-10919
Mitre link : CVE-2020-10919
CVE.ORG link : CVE-2020-10919
JSON object : View
Products Affected
automationdirect
- ea9-t8cl
- ea9-pgmsw
- ea9-t10cl
- c-more_hmi_ea9_firmware
- ea9-rhmi
- ea9-t15cl
- ea9-t6cl-r
- ea9-t10wcl
- ea9-t12cl
- ea9-t7cl-r
- ea9-t15cl-r
- ea9-t6cl
- ea9-t7cl