Main Vulnerability Database Vulnerabilities #VU24933

#VU24933 Insufficiently protected credentials in C-More Touch Panels EA9 series - CVE-2020-6969

Published: February 5, 2020

Vulnerability identifier: #VU24933

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-6969

CWE-ID: CWE-522

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
C-More Touch Panels EA9 series

Software vendor:
AutomationDirect

Description

The vulnerability allows a remote attacker to access the target system and manipulate system configurations.

The vulnerability exists due to the affected software allows to unmask credentials and other sensitive information on “unprotected” project files. A remote attacker can get account information such as usernames and passwords, obscure or manipulate process data and lock out access to the device.

Remediation

Install updates from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-035-01

#VU24933 Insufficiently protected credentials in C-More Touch Panels EA9 series - CVE-2020-6969

Description

Remediation

External links

Please verify you're human