Insufficiently protected credentials in C-More Touch Panels EA9 series - CVE-2020-6969

 


Published: February 5, 2020


Vulnerability identifier: #VU24933
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-6969
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: AutomationDirect
Affected software:
C-More Touch Panels EA9 series

Detailed vulnerability description

The vulnerability allows a remote attacker to access the target system and manipulate system configurations.

The vulnerability exists because the affected software allows credentials and other sensitive information in “unprotected” project files to be unmasked. A remote attacker can obtain account information such as usernames and passwords, obscure or manipulate process data, and lock out access to the device.


How to mitigate CVE-2020-6969

Install updates from the vendor's website.

Sources