CVE-2020-10921

Name of the Vulnerable Software and Affected Versions C-MORE HMI EA9 Firmware version 6.52

Description This issue allows remote attackers to issue commands on affected installations without requiring authentication. The flaw exists within the EA-HTTP.exe process due to the lack of authentication prior to allowing system configuration alterations. An attacker can leverage this to issue commands to the physical equipment controlled by the device.

Recommendations For C-MORE HMI EA9 Firmware version 6.52, consider disabling the EA-HTTP.exe process until a patch is available to prevent exploitation. Restrict access to the system configuration to minimize the risk of unauthorized alterations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.