CMORE is a family of Human-Machine Interfaces (HMI) developed by AutomationDirect. These panels are widely used in industrial control systems (ICS) to provide operators with a graphical interface for monitoring and controlling processes such as manufacturing lines, energy systems, and critical infrastructure.
From a usability and engineering standpoint, CMORE HMIs are valued for their affordability, flexibility, and integration with PLCs (Programmable Logic Controllers). But as with many industrial technologies, the cybersecurity dimension is often overlooked — and HMIs are increasingly becoming a target for cyberattacks.

Key Features of CMORE HMI
- Touchscreen interface (6"–15") with user-friendly design.
- Connectivity: Ethernet, USB, Serial (RS-232/485), SD card slots.
- Supports multiple industrial protocols (Modbus TCP/IP, EtherNet/IP, etc.).
- Remote monitoring capability (via CMORE Remote app or browser).
- Affordable compared to other industrial HMI systems.

In my research:
- Found 231 endpoints, most of which are from the USA.
- CMORE HMI runs on many ports, depending on the industry.
- Many VPN, router, and firewall login ports are open.
- File directories and log files of industrial sensors were found.
- Other industrial endpoints were detected with details.





Pros
- Ease of Use — Operators can control complex processes with minimal training.
- Cost-Effective — CMORE HMIs are budget-friendly compared to Rockwell or Siemens HMIs.
- Multi-Protocol Support — Enables integration with a wide range of PLCs.
- Remote Access — Provides flexibility for engineers to monitor processes off-site.
- Logging & Data Capture — Supports alarms, trends, and historical data logging for diagnostics.

Cons
- Legacy Protocols Without Encryption — Common ICS protocols like Modbus TCP are often unencrypted, allowing attackers to intercept or manipulate commands.
- Weak Remote Access Security — The CMORE Remote app (Android/iOS) may introduce vulnerabilities if exposed directly to the internet without VPN/firewalls.
- Default Credentials & Poor Hardening — Many installations still use vendor defaults or weak passwords.
- Limited Patch Management — Unlike IT systems, firmware updates are less frequent and sometimes ignored in production environments.
- Physical Access Risks — USB and SD card ports can be abused for malicious firmware or data theft if not controlled.
- ICS Exposure — If connected to corporate or internet-facing networks, attackers can pivot from IT into OT environments.

Best Practices for CMORE HMI
- Network Segmentation: Place HMIs in a dedicated OT network, isolated from IT and the internet.
- VPN & Firewall: Never expose CMORE Remote directly to the public internet; enforce VPN with MFA.
- Patch & Firmware Updates: Regularly update CMORE panels and check vendor advisories.
- Strong Access Control: Replace default credentials, enforce role-based access.
- Logging & Monitoring: Monitor unusual traffic on HMI-connected networks.
- Physical Security: Restrict access to ports and panel hardware.
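
For the "Logging & Monitoring" item and the unencrypted Modbus TCP risk listed under Cons, the following is an added example (not code from this research or from AutomationDirect) of a passive check that parses Modbus/TCP frames from a network tap and alerts on write commands from hosts outside the OT segment. The subnet `10.20.0.0/24`, the function names, and the sample frames are assumptions, and each payload is assumed to hold exactly one Modbus ADU.

```python
import ipaddress
import struct

# Modbus function codes that change state on the PLC behind the HMI.
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}
# Assumption: the OT segment holding the HMI and engineering stations.
ALLOWED_WRITERS = [ipaddress.ip_network("10.20.0.0/24")]


def parse_modbus_tcp(payload: bytes):
    """Return (transaction_id, unit_id, function_code, data), or None if not a valid ADU."""
    if len(payload) < 8:  # 7-byte MBAP header + function code
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is 0 for Modbus; length counts the unit id plus the PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    return tid, unit, payload[7], payload[8:]


def audit(frames):
    """frames: iterable of (src_ip, payload). Alert on writes from outside the allowlist."""
    alerts = []
    for src, payload in frames:
        parsed = parse_modbus_tcp(payload)
        if parsed is None:
            alerts.append((src, "malformed Modbus/TCP frame"))
            continue
        _, unit, func, data = parsed
        trusted = any(ipaddress.ip_address(src) in net for net in ALLOWED_WRITERS)
        if func in WRITE_FUNCTIONS and not trusted:
            addr = struct.unpack(">H", data[:2])[0] if len(data) >= 2 else None
            alerts.append((src, f"{WRITE_FUNCTIONS[func]} unit={unit} addr={addr}"))
    return alerts


# Constructed sample frames (not captured from any real device).
SAMPLE = [
    ("10.20.0.15", bytes.fromhex("000100000006010300000002")),   # read, OT host
    ("10.20.0.15", bytes.fromhex("000200000006010600100001")),   # write, OT host
    ("203.0.113.7", bytes.fromhex("00030000000601050005ff00")),  # write, outside OT
    ("203.0.113.7", bytes.fromhex("0004000100020103")),          # bad protocol id
]

if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print(alert)
```

Because Modbus TCP carries no authentication, the source address is the only identity available here, so this check complements segmentation and firewall rules and does not replace them.
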

This research is part of the oaps_another_attack_surface series. Another interesting blog about industrial exposure: S7 protocol. You can find me on LinkedIn. Support Palestine.