CVE-2020-6969

CRITICAL

Automationdirect C-more Ea9-rhi Firmware - Insufficiently Protected...

Title source: rule

Description

It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations.

References (1)

[Patch, Third Party Advisory, US Government Resource] https://www.us-cert.gov/ics/advisories/icsa-20-035-01

Scores

CVSS v3 9.8

EPSS 0.0045

EPSS Percentile 63.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (11)

automationdirect/c-more_ea9-rhi_firmware < 6.53

automationdirect/c-more_ea9-t6cl-r_firmware < 6.53

automationdirect/c-more_ea9-t6cl_firmware < 6.53

automationdirect/c-more_ea9-t7cl-r_firmware < 6.53

automationdirect/c-more_ea9-t7cl_firmware < 6.53

automationdirect/c-more_ea9-t8cl_firmware < 6.53

automationdirect/c-more_ea9-t10cl_firmware < 6.53

automationdirect/c-more_ea9-t10wcl_firmware < 6.53

automationdirect/c-more_ea9-t12cl_firmware < 6.53

automationdirect/c-more_ea9-t15cl-r_firmware < 6.53

automationdirect/c-more_ea9-t15cl_firmware < 6.53

Timeline

Published Feb 05, 2020

Tracked Since Feb 18, 2026