1. Home
  2. CVE Database
  3. CVE-2020-10918
HIGH · 7.5

CVE-2020-10918

This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit thi...

Vulnerability Description

This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due to insufficient authentication on post-authentication requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from unauthenticated users. Was ZDI-CAN-10182.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
AutomationdirectC-More Hmi Ea9 Firmware6.52
AutomationdirectEa9-Pgmsw-
AutomationdirectEa9-Rhmi-
AutomationdirectEa9-T10Cl-
AutomationdirectEa9-T10Wcl-
AutomationdirectEa9-T12Cl-
AutomationdirectEa9-T15Cl-
AutomationdirectEa9-T15Cl-R-
AutomationdirectEa9-T6Cl-
AutomationdirectEa9-T6Cl-R-
AutomationdirectEa9-T7Cl-
AutomationdirectEa9-T7Cl-R-
AutomationdirectEa9-T8Cl-

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2020-10918?

CVE-2020-10918 is a vulnerability with a CVSS score of 7.5 (HIGH). This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit thi...

How severe is CVE-2020-10918?

CVE-2020-10918 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-10918?

Check the references section above for vendor advisories and patch information. Affected products include: Automationdirect C-More Hmi Ea9 Firmware, Automationdirect Ea9-Pgmsw, Automationdirect Ea9-Rhmi, Automationdirect Ea9-T10Cl, Automationdirect Ea9-T10Wcl.