CVE-2020-10922

Name of the Vulnerable Software and Affected Versions C-MORE HMI EA9 Firmware version 6.52

Description This issue allows remote attackers to create a denial-of-service condition on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the EA-HTTP.exe process, resulting from the lack of proper input validation prior to further processing user requests. An attacker can leverage this issue to create a denial-of-service condition on the system.

Recommendations For C-MORE HMI EA9 Firmware version 6.52, consider implementing proper input validation for the EA-HTTP.exe process to prevent exploitation. As a temporary workaround, restrict access to the EA-HTTP.exe process until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.