CVE-2020-10918

Name of the Vulnerable Software and Affected Versions C-MORE HMI EA9 Firmware version 6.52

Description This issue allows remote attackers to bypass authentication on affected installations. The flaw exists within the authentication mechanism due to insufficient authentication on post-authentication requests. An attacker can leverage this to escalate privileges to resources normally protected from unauthenticated users.

Recommendations For C-MORE HMI EA9 Firmware version 6.52, consider temporarily restricting access to the authentication mechanism until a patch is available. As a mitigation measure, review and strengthen the authentication process for post-authentication requests to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.