CVE-2020-6969

high-risk
Published 2020-02-05

It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions prior to 6.53 and manipulate system configurations.

Do I need to act?

-
0.45% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (11)

C-More Ea9-Rhi Firmware
C-More Ea9-T6Cl-R Firmware
C-More Ea9-T6Cl Firmware
C-More Ea9-T7Cl-R Firmware
C-More Ea9-T7Cl Firmware
C-More Ea9-T8Cl Firmware
C-More Ea9-T10Cl Firmware
C-More Ea9-T10Wcl Firmware
C-More Ea9-T12Cl Firmware
C-More Ea9-T15Cl-R Firmware
C-More Ea9-T15Cl Firmware

Affected Vendors

Automationdirect

References (2)

Patch https://www.us-cert.gov/ics/advisories/icsa-20-035-01
Patch https://www.us-cert.gov/ics/advisories/icsa-20-035-01
50
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 16/34 · Moderate