AutomationDirect C-More EA9 HMI

Plan Patch7.8ICS-CERT ICSA-22-167-01Jun 16, 2022

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

AutomationDirect C-More EA9 HMI devices running firmware versions below 6.73 contain vulnerabilities related to unencrypted webserver communications (CWE-319) and improper resource validation (CWE-427). These weaknesses could allow an attacker with local network access to intercept sensitive information such as passwords and control commands, or to execute arbitrary code with elevated privileges on the device. The vulnerability affects 12 models of the EA9 HMI product line. The vendor recommends upgrading to firmware 6.73 or later, which adds TLS security options for the webserver. For systems that cannot be upgraded immediately, the webserver feature can be disabled, or the device can be placed behind a VPN.

What this means

What could happen

An attacker with local access to the HMI could intercept sensitive communications (such as passwords or control commands) transmitted unencrypted over the network, or execute code with elevated privileges to alter process parameters or halt operations.

Who's at risk

Manufacturing facilities using C-More EA9 HMI panels for process monitoring and control. This includes any operation relying on these touchscreen interfaces for operator interaction with PLCs or SCADA systems, particularly those where the HMI communicates across network segments or where remote monitoring is used.

How it could be exploited

An attacker with access to the local network segment where the HMI is deployed could intercept unencrypted webserver traffic to capture credentials or control commands, or exploit the lack of input validation to inject and execute arbitrary code on the HMI device itself.

Prerequisites

Local network access to the HMI device
Ability to interact with the webserver interface (typically port 80)
No authentication required for certain functions

No patch available for affected versionsLow complexity exploitationLocal network access requiredAffects control system interfaces

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (12)

12 with fix

ProductAffected VersionsFix Status

C-more EA9 HMI - EA9-T15CL<6.736.73

C-more EA9 HMI - EA9-T15CL-R<6.736.73

C-more EA9 HMI - EA9-RHMI<6.736.73

C-more EA9 HMI - EA9-PGMSW<6.736.73

C-more EA9 HMI - EA9-T6CL<6.736.73

C-more EA9 HMI - EA9-T6CL-R<6.736.73

C-more EA9 HMI - EA9-T7CL<6.736.73

C-more EA9 HMI - EA9-T7CL-R<6.736.73

Remediation & Mitigation

0/3

Do now

0/2

WORKAROUNDDisable the webserver feature on the HMI using the programming software if the web interface is not required for operations

HARDENINGPlace the HMI panel behind a VPN to restrict network access to authorized personnel only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade firmware to Version 6.73 or later

CVEs (2)

CVE-2022-2006 CVE-2022-2005

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/00945c7c-de04-4fa6-8abb-fcad9523c854