OTPulse
FeedAboutContact

ICSA-20-035-01_AutomationDirect C-More Touch Panels

Act Now10ICS-CERT ICSA-20-035-01Feb 4, 2020
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

AutomationDirect C-More EA9 series touch panels contain an authentication bypass vulnerability (CWE-522) that allows unauthenticated remote code execution. An attacker with network access can execute arbitrary commands on the affected device with full system privileges, enabling manipulation of industrial processes or control logic. The vulnerability exists in firmware versions prior to 6.53.

What this means
What could happen
An attacker with network access to a C-More touch panel could execute arbitrary code with full system privileges, potentially modifying process setpoints, altering alarm thresholds, or shutting down critical control operations without authentication.
Who's at risk
Water authorities and municipal electric utilities using AutomationDirect C-More EA9 series touch panels for process monitoring and control. These panels are commonly used in SCADA supervisory stations, pump control systems, and equipment status displays in water treatment and power distribution.
How it could be exploited
An attacker on the network (or remotely if the panel is Internet-exposed) sends a crafted network request to the vulnerable C-More panel. The panel lacks proper authentication controls, allowing the attacker to execute arbitrary commands that can manipulate industrial processes or disable safety functions.
Prerequisites
  • Network reachability to the C-More touch panel (typically via Ethernet on port 502 or web interface on port 80/443)
  • No authentication required
remotely exploitableno authentication requiredlow complexityaffects safety systemscritical severity (CVSS 10)
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
C-More Touch Panels EA9 series: firmware< 6.536.53
Remediation & Mitigation
0/4
Do now
0/1
WORKAROUNDRestrict network access to C-More panels using firewall rules; block all unnecessary inbound connections from the business network or Internet
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade C-More EA9 series touch panels to firmware version 6.53 or later
Long-term hardening
0/2
HARDENINGIsolate control system networks behind firewalls and separate them physically or logically from business networks
HARDENINGIf remote access is required, use a VPN with current security patches and strong access controls rather than direct Internet exposure
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/30659410-dccf-4dac-a410-79ec69079921