CVE-2024-11609 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2024-11609

Analyzed

More Info Official Page

Source-zdi-disclosures@trendmicro.com

Published At-30 Jan, 2025 | 21:15

Updated At-12 Aug, 2025 | 15:10

AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EAP9 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24772.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.0	7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CPE Matches

AutomationDirect

>>c-more_ea9-t10cl_firmware>>Versions up to 6.78(inclusive)

cpe:2.3:o:automationdirect:c-more_ea9-t10cl_firmware:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t10cl>>*

cpe:2.3:h:automationdirect:c-more_ea9-t10cl:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t10wcl_firmware>>Versions up to 6.78(inclusive)

cpe:2.3:o:automationdirect:c-more_ea9-t10wcl_firmware:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t10wcl>>*

cpe:2.3:h:automationdirect:c-more_ea9-t10wcl:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t12cl_firmware>>Versions up to 6.78(inclusive)

cpe:2.3:o:automationdirect:c-more_ea9-t12cl_firmware:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t12cl>>*

cpe:2.3:h:automationdirect:c-more_ea9-t12cl:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t15cl_firmware>>Versions up to 6.78(inclusive)

cpe:2.3:o:automationdirect:c-more_ea9-t15cl_firmware:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t15cl>>*

cpe:2.3:h:automationdirect:c-more_ea9-t15cl:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t15cl-r_firmware>>Versions up to 6.78(inclusive)

cpe:2.3:o:automationdirect:c-more_ea9-t15cl-r_firmware:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t15cl-r>>*

cpe:2.3:h:automationdirect:c-more_ea9-t15cl-r:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t6cl_firmware>>Versions up to 6.78(inclusive)

cpe:2.3:o:automationdirect:c-more_ea9-t6cl_firmware:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t6cl>>*

cpe:2.3:h:automationdirect:c-more_ea9-t6cl:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t6cl-r_firmware>>Versions up to 6.78(inclusive)

cpe:2.3:o:automationdirect:c-more_ea9-t6cl-r_firmware:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t6cl-r>>*

cpe:2.3:h:automationdirect:c-more_ea9-t6cl-r:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t8cl_firmware>>Versions up to 6.78(inclusive)

cpe:2.3:o:automationdirect:c-more_ea9-t8cl_firmware:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-t8cl>>*

cpe:2.3:h:automationdirect:c-more_ea9-t8cl:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-rhmi_firmware>>Versions up to 6.78(inclusive)

cpe:2.3:o:automationdirect:c-more_ea9-rhmi_firmware:*:*:*:*:*:*:*:*

AutomationDirect

>>c-more_ea9-rhmi>>-

cpe:2.3:h:automationdirect:c-more_ea9-rhmi:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-121	Primary	zdi-disclosures@trendmicro.com

References

Hyperlink	Source	Resource
https://certvde.com/en/bulletins/bulletins/2182-automationdirect-c-more-ea9-programming-software/	zdi-disclosures@trendmicro.com	Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-1673/	zdi-disclosures@trendmicro.com	Third Party Advisory