AutomationDirect C-More Touch Panels (ICSA-20-035-01) – Product Used in the Water and Wastewater and Energy Sectors

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on an insufficiently protected credentials vulnerability in AutomationDirect C-More Touch Panels. Firmware versions prior to 6.53 are affected. Successful exploitation of this vulnerability may allow an attacker to get account information such as usernames and passwords, obscure or manipulate process data, and lock out access to the device. AutomationDirect recommends users upgrade to version 6.53. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.