PatchSiren cyber security CVE debrief
CVE-2024-11610 AutomationDirect CVE debrief
A file parsing memory corruption vulnerability in AutomationDirect C-More EA9 Programming Software (versions ≤6.78) allows remote code execution through unsafe handling of file data during parsing. The vulnerability was disclosed on December 5, 2024, with a CVSS 3.1 score of 7.8 (HIGH). Exploitation requires a local attack vector with user interaction, but successful exploitation grants high impact across confidentiality, integrity, and availability. CISA published advisory ICSA-24-340-01 to coordinate the disclosure. The vendor has released version 6.79 to address this issue.
- Vendor: AutomationDirect
- Product: C-More EA9 Programming Software
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-12-05
- Original CVE updated: 2024-12-05
- Advisory published: 2024-12-05
- Advisory updated: 2024-12-05
Who should care
Organizations using AutomationDirect C-More EA9 HMI systems in industrial control environments, particularly manufacturing, process control, and building automation sectors. System integrators, OT security teams, and plant engineers responsible for HMI programming workstations should prioritize patching. Critical infrastructure operators with air-gapped or isolated networks should still apply updates due to potential supply chain or removable media attack vectors.
Technical summary
The vulnerability exists in the file parsing functionality of AutomationDirect C-More EA9 Programming Software versions 6.78 and earlier. Insufficient validation of file data during parsing leads to memory corruption, which can be exploited to execute arbitrary code. The attack requires local access and user interaction (opening a malicious file), but successful exploitation results in complete system compromise with high impact on confidentiality, integrity, and availability. The vulnerability is classified as CWE-121 (Stack-based Buffer Overflow) or a similar memory corruption weakness.
Defensive priority
HIGH
Recommended defensive actions
- Update AutomationDirect C-More EA9 Programming Software to version 6.79 immediately
- If an immediate update is not feasible, disconnect affected workstations from external networks (internet and corporate LAN)
- Use dedicated secure internal networks or air-gapped systems for communication with programmable devices
- Restrict physical and logical access to authorized personnel only
- Implement multi-factor authentication and robust password policies
- Deploy application whitelisting to allow only pre-approved trusted software
- Use antivirus or endpoint detection and response (EDR) tools for threat monitoring
- Ensure host-based firewalls are properly configured to block unauthorized access
Evidence notes
Vulnerability disclosed via CISA CSAF advisory ICSA-24-340-01 on 2024-12-05. Affected product confirmed as AutomationDirect C-More EA9 Programming Software versions 6.78 and earlier. CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Vendor remediation available in version 6.79.
Official resources
- CVE-2024-11610 CVE record (CVE.org)
- CVE-2024-11610 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-12-05