PatchSiren cyber security CVE debrief

CVE-2025-0960 AutomationDirect CVE debrief

CVE-2025-0960 is a critical vulnerability in AutomationDirect C-more EA9 HMI products. The advisory says a function’s bounds checks can be skipped, which could let an attacker cause denial of service or achieve remote code execution on affected devices. CISA published the advisory ICSA-25-035-08 on 2025-02-04, and the supplied remediation guidance directs users to update C-MORE EA9 HMI software and firmware to v6.80.

Vendor: AutomationDirect
Product: C-more EA9 HMI EA9-T6CL
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-02-04
Original CVE updated: 2025-02-04
Advisory published: 2025-02-04
Advisory updated: 2025-02-04

Who should care

OT and ICS operators using AutomationDirect C-more EA9 HMI devices, HMI/plant engineers, firmware administrators, and security teams responsible for segmented industrial networks should treat this as a high-priority remediation item.

Technical summary

The supplied CSAF advisory identifies 10 EA9 HMI product variants affected at versions <= 6.79, including EA9-T6CL, EA9-T7CL-R, EA9-T7CL, EA9-T8CL, EA9-T10CL, EA9-T10WCL, EA9-T12CL, EA9-T15CL-R, EA9-T15CL, and EA9-RHMI. The issue is described as a bounds-check bypass in a function, with potential denial-of-service and remote code execution impact. The advisory’s CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reflecting network-reachable, no-authentication attack conditions and severe confidentiality, integrity, and availability impact.

Defensive priority

Immediate

Recommended defensive actions

  • Upgrade affected AutomationDirect C-more EA9 HMI software and firmware to v6.80 as recommended by the vendor.
  • If you cannot patch immediately, isolate the HMI workstation from external networks and keep communication on dedicated secure internal or air-gapped systems.
  • Restrict physical and logical access to the HMI to authorized personnel only.
  • Apply application whitelisting and host-based security controls to limit unauthorized software execution and access.
  • Enable logging and monitoring to detect suspicious activity or anomalous HMI behavior.
  • Maintain secure backups and test recovery procedures so you can restore configurations quickly if the device is disrupted.

Evidence notes

This debrief is based on the supplied CISA CSAF advisory ICSA-25-035-08 (initial publication 2025-02-04) and its remediation section. The source data lists 10 affected AutomationDirect C-more EA9 HMI product variants, all at versions <= 6.79, and recommends updating to v6.80. The advisory also provides interim mitigations for environments where immediate updating is not feasible. The included CVE.org and NVD links are official record pointers; the affected version and mitigation details come from the CSAF source item and vendor-linked remediation guidance.

Official resources

CISA published ICSA-25-035-08 and CVE-2025-0960 on 2025-02-04. The supplied revision history shows an initial publication on that same date.