CVE-2024-25136 Information

Description

There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.

Reference

https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01