AutomationDirect C-More EA9
CPE: cpe:2.3:h:automationdirect:c-more_ea9-pgmsw:*:*:*:*:*:*:* (+29 more)
Affected versions: <= 6.78
A remote code execution vulnerability has been identified in AutomationDirect C-More EA9 programming software, all versions through 6.78. This issue arises from improper validation of user-supplied data during the parsing of EAP9 files, leading to memory corruption. Exploitation of this vulnerability requires user interaction, as the target must open a malicious file or visit a harmful webpage.
Exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system, potentially leading to unauthorized control or system compromise.
Users are advised to update C-More EA9 HMI to version 6.79. If an immediate update is not possible, AutomationDirect recommends isolating the engineering workstation from external networks, controlling access to the workstation, implementing application whitelisting, applying endpoint security measures, monitoring and logging activity, hardening the workstation, and using secure backup and recovery practices.