CVE-2025-0960

AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://community.automationdirect.com/s/cybersecurity/security-advisories
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-08

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) AutomationDirect C-more EA9 HMI contiene una función con controles de los límites que se pueden omitir, lo que podría provocar que un atacante abuse de la función para provocar una condición de denegación de servicio o lograr la ejecución remota de código en el dispositivo afectado.

04 Feb 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-04 20:15

Updated : 2026-06-17 08:27

NVD link : CVE-2025-0960

Mitre link : CVE-2025-0960

CVE.ORG link : CVE-2025-0960

JSON object : View

Products Affected

No product.

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2025-0960", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-0960", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T19:50:44.079280Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "ics-cert@hq.dhs.gov", "affectedData": [{"vendor": "AutomationDirect", "product": "C-more EA9 HMI EA9-T6CL", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v6.79"}], "defaultStatus": "unaffected"}, {"vendor": "AutomationDirect", "product": "C-more EA9 HMI EA9-T7CL-R", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v6.79"}], "defaultStatus": "unaffected"}, {"vendor": "AutomationDirect", "product": "C-more EA9 HMI EA9-T7CL", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v6.79"}], "defaultStatus": "unaffected"}, {"vendor": "AutomationDirect", "product": "C-more EA9 HMI EA9-T8CL", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v6.79"}], "defaultStatus": "unaffected"}, {"vendor": "AutomationDirect", "product": "C-more EA9 HMI EA9-T10CL", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v6.79"}], "defaultStatus": "unaffected"}, {"vendor": "AutomationDirect", "product": "C-more EA9 HMI EA9-T10WCL", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v6.79"}], "defaultStatus": "unaffected"}, {"vendor": "AutomationDirect", "product": "C-more EA9 HMI EA9-T12CL", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v6.79"}], "defaultStatus": "unaffected"}, {"vendor": "AutomationDirect", "product": "C-more EA9 HMI EA9-T15CL-R", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v6.79"}], "defaultStatus": "unaffected"}, {"vendor": "AutomationDirect", "product": "C-more EA9 HMI EA9-T15CL", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v6.79"}], "defaultStatus": "unaffected"}, {"vendor": "AutomationDirect", "product": "C-more EA9 HMI EA9-RHMI", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v6.79"}], "defaultStatus": "unaffected"}]}], "published": "2025-02-04T20:15:50.103", "references": [{"url": "https://community.automationdirect.com/s/cybersecurity/security-advisories", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-08", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device."}, {"lang": "es", "value": "AutomationDirect C-more EA9 HMI contiene una funci\u00f3n con controles de los l\u00edmites que se pueden omitir, lo que podr\u00eda provocar que un atacante abuse de la funci\u00f3n para provocar una condici\u00f3n de denegaci\u00f3n de servicio o lograr la ejecuci\u00f3n remota de c\u00f3digo en el dispositivo afectado."}], "lastModified": "2026-06-17T08:27:26.487", "sourceIdentifier": "ics-cert@hq.dhs.gov"}