There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2024-03-26T22:53:41.589Z
Updated: 2024-08-08T14:49:09.314Z
Reserved: 2024-02-05T21:38:12.857Z
Link: CVE-2024-25136
Vulnrichment
Updated: 2024-08-01T23:36:21.608Z
NVD
Status : Awaiting Analysis
Published: 2024-03-26T23:15:46.663
Modified: 2024-03-27T12:29:30.307
Link: CVE-2024-25136
Redhat
No data.