Vulnerabilites related to Moxa - EDS-510A Series
var-201903-0177
Vulnerability from variot
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot. Moxa IKS and EDS Contains an out-of-bounds read vulnerability.Information obtained and denial of service (DoS) May be in a state. MoxaIKS and EDS are Moxa's line of industrial switches. There is an out-of-bounds read vulnerability in the MoxaIKS and EDS series. The vulnerability stems from a program failing to properly validate array bounds. Moxa IKS and EDS are prone to following security vulnerabilities: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0177",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-408a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-510a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.5"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "iks-g6824a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iks g6824a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 405a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 408a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510a",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ab3d4b23-d209-43d9-8414-74602516531f"
},
{
"db": "CNVD",
"id": "CNVD-2019-06056"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002197"
},
{
"db": "NVD",
"id": "CVE-2019-6522"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002197"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-950"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6522",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6522",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-06056",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "ab3d4b23-d209-43d9-8414-74602516531f",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-157957",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6522",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6522",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6522",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-6522",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-06056",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-950",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "ab3d4b23-d209-43d9-8414-74602516531f",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-157957",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-6522",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ab3d4b23-d209-43d9-8414-74602516531f"
},
{
"db": "CNVD",
"id": "CNVD-2019-06056"
},
{
"db": "VULHUB",
"id": "VHN-157957"
},
{
"db": "VULMON",
"id": "CVE-2019-6522"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002197"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-950"
},
{
"db": "NVD",
"id": "CVE-2019-6522"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot. Moxa IKS and EDS Contains an out-of-bounds read vulnerability.Information obtained and denial of service (DoS) May be in a state. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. There is an out-of-bounds read vulnerability in the MoxaIKS and EDS series. The vulnerability stems from a program failing to properly validate array bounds. Moxa IKS and EDS are prone to following security vulnerabilities:\n1. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7. A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6522"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002197"
},
{
"db": "CNVD",
"id": "CNVD-2019-06056"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "IVD",
"id": "ab3d4b23-d209-43d9-8414-74602516531f"
},
{
"db": "VULHUB",
"id": "VHN-157957"
},
{
"db": "VULMON",
"id": "CVE-2019-6522"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6522",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-057-01",
"trust": 3.5
},
{
"db": "BID",
"id": "107178",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201902-950",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-06056",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002197",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0597",
"trust": 0.6
},
{
"db": "IVD",
"id": "AB3D4B23-D209-43D9-8414-74602516531F",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157957",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6522",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ab3d4b23-d209-43d9-8414-74602516531f"
},
{
"db": "CNVD",
"id": "CNVD-2019-06056"
},
{
"db": "VULHUB",
"id": "VHN-157957"
},
{
"db": "VULMON",
"id": "CVE-2019-6522"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002197"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-950"
},
{
"db": "NVD",
"id": "CVE-2019-6522"
}
]
},
"id": "VAR-201903-0177",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ab3d4b23-d209-43d9-8414-74602516531f"
},
{
"db": "CNVD",
"id": "CNVD-2019-06056"
},
{
"db": "VULHUB",
"id": "VHN-157957"
}
],
"trust": 1.61445105
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ab3d4b23-d209-43d9-8414-74602516531f"
},
{
"db": "CNVD",
"id": "CNVD-2019-06056"
}
]
},
"last_update_date": "2024-11-23T21:52:28.356000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.moxa.com/en/"
},
{
"title": "MoxaIKS and EDS out of bounds read vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/155121"
},
{
"title": "Multiple Moxa Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89667"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06056"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002197"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-950"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002197"
},
{
"db": "NVD",
"id": "CVE-2019-6522"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/107178"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6522"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6522"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76138"
},
{
"trust": 0.3,
"url": "http://www.moxastore.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06056"
},
{
"db": "VULHUB",
"id": "VHN-157957"
},
{
"db": "VULMON",
"id": "CVE-2019-6522"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002197"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-950"
},
{
"db": "NVD",
"id": "CVE-2019-6522"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ab3d4b23-d209-43d9-8414-74602516531f"
},
{
"db": "CNVD",
"id": "CNVD-2019-06056"
},
{
"db": "VULHUB",
"id": "VHN-157957"
},
{
"db": "VULMON",
"id": "CVE-2019-6522"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002197"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-950"
},
{
"db": "NVD",
"id": "CVE-2019-6522"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-04T00:00:00",
"db": "IVD",
"id": "ab3d4b23-d209-43d9-8414-74602516531f"
},
{
"date": "2019-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06056"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-157957"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6522"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002197"
},
{
"date": "2019-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-950"
},
{
"date": "2019-03-05T20:29:00.343000",
"db": "NVD",
"id": "CVE-2019-6522"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06056"
},
{
"date": "2022-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-157957"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6522"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002197"
},
{
"date": "2019-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-950"
},
{
"date": "2024-11-21T04:46:37.277000",
"db": "NVD",
"id": "CVE-2019-6522"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-950"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002197"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "ab3d4b23-d209-43d9-8414-74602516531f"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-950"
}
],
"trust": 0.8
}
}
var-201903-0176
Vulnerability from variot
Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. Moxa IKS and EDS Contains an access control vulnerability.Information may be tampered with. MoxaIKS and EDS are Moxa's line of industrial switches. The vulnerability stems from the device failing to properly check permissions on the server side. An attacker could exploit this vulnerability to modify the configuration. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0176",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-408a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-510a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.5"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "iks-g6824a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iks g6824a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 405a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 408a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510a",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
},
{
"db": "CNVD",
"id": "CNVD-2019-06179"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002347"
},
{
"db": "NVD",
"id": "CVE-2019-6520"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002347"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-958"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6520",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-06179",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "44ff4a4f-b858-48d2-8216-b32637775bf7",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-157955",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6520",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6520",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6520",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6520",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-06179",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-958",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "44ff4a4f-b858-48d2-8216-b32637775bf7",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-157955",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6520",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
},
{
"db": "CNVD",
"id": "CNVD-2019-06179"
},
{
"db": "VULHUB",
"id": "VHN-157955"
},
{
"db": "VULMON",
"id": "CVE-2019-6520"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002347"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-958"
},
{
"db": "NVD",
"id": "CVE-2019-6520"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. Moxa IKS and EDS Contains an access control vulnerability.Information may be tampered with. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. The vulnerability stems from the device failing to properly check permissions on the server side. An attacker could exploit this vulnerability to modify the configuration. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7. A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6520"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002347"
},
{
"db": "CNVD",
"id": "CNVD-2019-06179"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "IVD",
"id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
},
{
"db": "VULHUB",
"id": "VHN-157955"
},
{
"db": "VULMON",
"id": "CVE-2019-6520"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6520",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-057-01",
"trust": 3.5
},
{
"db": "BID",
"id": "107178",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201902-958",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-06179",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002347",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0597",
"trust": 0.6
},
{
"db": "IVD",
"id": "44FF4A4F-B858-48D2-8216-B32637775BF7",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157955",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6520",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
},
{
"db": "CNVD",
"id": "CNVD-2019-06179"
},
{
"db": "VULHUB",
"id": "VHN-157955"
},
{
"db": "VULMON",
"id": "CVE-2019-6520"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002347"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-958"
},
{
"db": "NVD",
"id": "CVE-2019-6520"
}
]
},
"id": "VAR-201903-0176",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
},
{
"db": "CNVD",
"id": "CNVD-2019-06179"
},
{
"db": "VULHUB",
"id": "VHN-157955"
}
],
"trust": 1.61445105
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
},
{
"db": "CNVD",
"id": "CNVD-2019-06179"
}
]
},
"last_update_date": "2024-11-23T21:52:28.487000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.moxa.com/"
},
{
"title": "MoxaIKS and EDS access patches for improper control of vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/155207"
},
{
"title": "Multiple Moxa Product access control error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89674"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06179"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002347"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-958"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157955"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002347"
},
{
"db": "NVD",
"id": "CVE-2019-6520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/107178"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6520"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6520"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76138"
},
{
"trust": 0.3,
"url": "http://www.moxastore.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06179"
},
{
"db": "VULHUB",
"id": "VHN-157955"
},
{
"db": "VULMON",
"id": "CVE-2019-6520"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002347"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-958"
},
{
"db": "NVD",
"id": "CVE-2019-6520"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
},
{
"db": "CNVD",
"id": "CNVD-2019-06179"
},
{
"db": "VULHUB",
"id": "VHN-157955"
},
{
"db": "VULMON",
"id": "CVE-2019-6520"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002347"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-958"
},
{
"db": "NVD",
"id": "CVE-2019-6520"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-05T00:00:00",
"db": "IVD",
"id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
},
{
"date": "2019-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06179"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-157955"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6520"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002347"
},
{
"date": "2019-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-958"
},
{
"date": "2019-03-05T20:29:00.297000",
"db": "NVD",
"id": "CVE-2019-6520"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06179"
},
{
"date": "2020-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-157955"
},
{
"date": "2020-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6520"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002347"
},
{
"date": "2020-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-958"
},
{
"date": "2024-11-21T04:46:37.030000",
"db": "NVD",
"id": "CVE-2019-6520"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-958"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002347"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-958"
}
],
"trust": 0.6
}
}
var-201903-0186
Vulnerability from variot
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device. Moxa IKS and EDS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa's line of industrial switches. There are predictable cookie vulnerabilities in the MoxaIKS and EDS series. The vulnerability stems from the fact that the software generates a predictable cookie that uses the MD5 hash calculation. An attacker could exploit the vulnerability to capture an administrator password for complete control of the device. Moxa IKS and EDS are prone to following security vulnerabilities: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch. The vulnerability is caused by the program generating easily predictable cookies
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0186",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-408a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-510a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.5"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "iks-g6824a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iks g6824a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 405a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 408a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510a",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
},
{
"db": "CNVD",
"id": "CNVD-2019-06058"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002342"
},
{
"db": "NVD",
"id": "CVE-2019-6563"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002342"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-943"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6563",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6563",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-06058",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "968d3d57-4f83-4a50-9bec-32450036e0e1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-157998",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6563",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6563",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6563",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-6563",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-06058",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-943",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "968d3d57-4f83-4a50-9bec-32450036e0e1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-157998",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-6563",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
},
{
"db": "CNVD",
"id": "CNVD-2019-06058"
},
{
"db": "VULHUB",
"id": "VHN-157998"
},
{
"db": "VULMON",
"id": "CVE-2019-6563"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002342"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-943"
},
{
"db": "NVD",
"id": "CVE-2019-6563"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator\u0027s password, which could lead to a full compromise of the device. Moxa IKS and EDS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. There are predictable cookie vulnerabilities in the MoxaIKS and EDS series. The vulnerability stems from the fact that the software generates a predictable cookie that uses the MD5 hash calculation. An attacker could exploit the vulnerability to capture an administrator password for complete control of the device. Moxa IKS and EDS are prone to following security vulnerabilities:\n1. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7. A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch. The vulnerability is caused by the program generating easily predictable cookies",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6563"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002342"
},
{
"db": "CNVD",
"id": "CNVD-2019-06058"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "IVD",
"id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
},
{
"db": "VULHUB",
"id": "VHN-157998"
},
{
"db": "VULMON",
"id": "CVE-2019-6563"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6563",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-057-01",
"trust": 3.5
},
{
"db": "BID",
"id": "107178",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201902-943",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-06058",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002342",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0597",
"trust": 0.6
},
{
"db": "IVD",
"id": "968D3D57-4F83-4A50-9BEC-32450036E0E1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157998",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6563",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
},
{
"db": "CNVD",
"id": "CNVD-2019-06058"
},
{
"db": "VULHUB",
"id": "VHN-157998"
},
{
"db": "VULMON",
"id": "CVE-2019-6563"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002342"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-943"
},
{
"db": "NVD",
"id": "CVE-2019-6563"
}
]
},
"id": "VAR-201903-0186",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
},
{
"db": "CNVD",
"id": "CNVD-2019-06058"
},
{
"db": "VULHUB",
"id": "VHN-157998"
}
],
"trust": 1.61445105
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
},
{
"db": "CNVD",
"id": "CNVD-2019-06058"
}
]
},
"last_update_date": "2024-11-23T21:52:28.266000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.moxa.com/"
},
{
"title": "MoxaIKS and EDS can predict patches for cookie vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/155117"
},
{
"title": "Multiple Moxa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89662"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06058"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002342"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-943"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-916",
"trust": 1.1
},
{
"problemtype": "CWE-341",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157998"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002342"
},
{
"db": "NVD",
"id": "CVE-2019-6563"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/107178"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6563"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6563"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76138"
},
{
"trust": 0.3,
"url": "http://www.moxastore.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/916.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06058"
},
{
"db": "VULHUB",
"id": "VHN-157998"
},
{
"db": "VULMON",
"id": "CVE-2019-6563"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002342"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-943"
},
{
"db": "NVD",
"id": "CVE-2019-6563"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
},
{
"db": "CNVD",
"id": "CNVD-2019-06058"
},
{
"db": "VULHUB",
"id": "VHN-157998"
},
{
"db": "VULMON",
"id": "CVE-2019-6563"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002342"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-943"
},
{
"db": "NVD",
"id": "CVE-2019-6563"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-04T00:00:00",
"db": "IVD",
"id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
},
{
"date": "2019-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06058"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-157998"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6563"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002342"
},
{
"date": "2019-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-943"
},
{
"date": "2019-03-05T20:29:00.547000",
"db": "NVD",
"id": "CVE-2019-6563"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06058"
},
{
"date": "2020-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-157998"
},
{
"date": "2020-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6563"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002342"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-943"
},
{
"date": "2024-11-21T04:46:42.157000",
"db": "NVD",
"id": "CVE-2019-6563"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-943"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-943"
}
],
"trust": 0.6
}
}
var-201903-0183
Vulnerability from variot
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. Moxa IKS and EDS Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa's line of industrial switches. A buffer overflow vulnerability exists in the MoxaIKS and EDS families. An attacker could exploit this vulnerability for remote code execution. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0183",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-408a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-510a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.5"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "iks-g6824a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iks g6824a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 405a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 408a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510a",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
},
{
"db": "CNVD",
"id": "CNVD-2019-06175"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002198"
},
{
"db": "NVD",
"id": "CVE-2019-6557"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002198"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-967"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6557",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6557",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-06175",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "d8b199a7-2e07-425c-bcc8-cf8073155286",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-157992",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6557",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6557",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6557",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-6557",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-06175",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-967",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "d8b199a7-2e07-425c-bcc8-cf8073155286",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-157992",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-6557",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
},
{
"db": "CNVD",
"id": "CNVD-2019-06175"
},
{
"db": "VULHUB",
"id": "VHN-157992"
},
{
"db": "VULMON",
"id": "CVE-2019-6557"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002198"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-967"
},
{
"db": "NVD",
"id": "CVE-2019-6557"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. Moxa IKS and EDS Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. A buffer overflow vulnerability exists in the MoxaIKS and EDS families. An attacker could exploit this vulnerability for remote code execution. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7. A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6557"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002198"
},
{
"db": "CNVD",
"id": "CNVD-2019-06175"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "IVD",
"id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
},
{
"db": "VULHUB",
"id": "VHN-157992"
},
{
"db": "VULMON",
"id": "CVE-2019-6557"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6557",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-057-01",
"trust": 3.5
},
{
"db": "BID",
"id": "107178",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201902-967",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-06175",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002198",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0597",
"trust": 0.6
},
{
"db": "IVD",
"id": "D8B199A7-2E07-425C-BCC8-CF8073155286",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157992",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6557",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
},
{
"db": "CNVD",
"id": "CNVD-2019-06175"
},
{
"db": "VULHUB",
"id": "VHN-157992"
},
{
"db": "VULMON",
"id": "CVE-2019-6557"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002198"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-967"
},
{
"db": "NVD",
"id": "CVE-2019-6557"
}
]
},
"id": "VAR-201903-0183",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
},
{
"db": "CNVD",
"id": "CNVD-2019-06175"
},
{
"db": "VULHUB",
"id": "VHN-157992"
}
],
"trust": 1.61445105
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
},
{
"db": "CNVD",
"id": "CNVD-2019-06175"
}
]
},
"last_update_date": "2024-11-23T21:52:28.400000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.moxa.com/en/"
},
{
"title": "Patch for MoxaIKS and EDS Buffer Overflow Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/155223"
},
{
"title": "Multiple Moxa Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=89680"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06175"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002198"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-967"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157992"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002198"
},
{
"db": "NVD",
"id": "CVE-2019-6557"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/107178"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6557"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6557"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76138"
},
{
"trust": 0.3,
"url": "http://www.moxastore.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06175"
},
{
"db": "VULHUB",
"id": "VHN-157992"
},
{
"db": "VULMON",
"id": "CVE-2019-6557"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002198"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-967"
},
{
"db": "NVD",
"id": "CVE-2019-6557"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
},
{
"db": "CNVD",
"id": "CNVD-2019-06175"
},
{
"db": "VULHUB",
"id": "VHN-157992"
},
{
"db": "VULMON",
"id": "CVE-2019-6557"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002198"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-967"
},
{
"db": "NVD",
"id": "CVE-2019-6557"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-05T00:00:00",
"db": "IVD",
"id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
},
{
"date": "2019-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06175"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-157992"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6557"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002198"
},
{
"date": "2019-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-967"
},
{
"date": "2019-03-05T20:29:00.437000",
"db": "NVD",
"id": "CVE-2019-6557"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06175"
},
{
"date": "2022-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-157992"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6557"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002198"
},
{
"date": "2022-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-967"
},
{
"date": "2024-11-21T04:46:41.423000",
"db": "NVD",
"id": "CVE-2019-6557"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-967"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002198"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-967"
}
],
"trust": 0.8
}
}
var-201903-0184
Vulnerability from variot
Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. Moxa IKS and EDS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa's line of industrial switches. There are uncontrolled resource consumption vulnerabilities in the MoxaIKS and EDS series. Moxa IKS and EDS are prone to following security vulnerabilities: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0184",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-408a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-510a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.5"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "iks-g6824a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iks g6824a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 405a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 408a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510a",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
},
{
"db": "CNVD",
"id": "CNVD-2019-06059"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002199"
},
{
"db": "NVD",
"id": "CVE-2019-6559"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002199"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-942"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6559",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-6559",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-06059",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-157994",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-6559",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6559",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6559",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-6559",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-06059",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-942",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157994",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6559",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
},
{
"db": "CNVD",
"id": "CNVD-2019-06059"
},
{
"db": "VULHUB",
"id": "VHN-157994"
},
{
"db": "VULMON",
"id": "CVE-2019-6559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002199"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-942"
},
{
"db": "NVD",
"id": "CVE-2019-6559"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. Moxa IKS and EDS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. There are uncontrolled resource consumption vulnerabilities in the MoxaIKS and EDS series. Moxa IKS and EDS are prone to following security vulnerabilities:\n1. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7. A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002199"
},
{
"db": "CNVD",
"id": "CNVD-2019-06059"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "IVD",
"id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
},
{
"db": "VULHUB",
"id": "VHN-157994"
},
{
"db": "VULMON",
"id": "CVE-2019-6559"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6559",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-057-01",
"trust": 3.5
},
{
"db": "BID",
"id": "107178",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201902-942",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-06059",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002199",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0597",
"trust": 0.6
},
{
"db": "IVD",
"id": "9E2FEFA7-3C84-4516-9A5E-A95588AD4487",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157994",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6559",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
},
{
"db": "CNVD",
"id": "CNVD-2019-06059"
},
{
"db": "VULHUB",
"id": "VHN-157994"
},
{
"db": "VULMON",
"id": "CVE-2019-6559"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002199"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-942"
},
{
"db": "NVD",
"id": "CVE-2019-6559"
}
]
},
"id": "VAR-201903-0184",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
},
{
"db": "CNVD",
"id": "CNVD-2019-06059"
},
{
"db": "VULHUB",
"id": "VHN-157994"
}
],
"trust": 1.61445105
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
},
{
"db": "CNVD",
"id": "CNVD-2019-06059"
}
]
},
"last_update_date": "2024-11-23T21:52:28.175000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.moxa.com/en/"
},
{
"title": "MoxaIKS and EDS patches for uncontrolled resource consumption vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/155115"
},
{
"title": "Multiple Moxa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89661"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06059"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002199"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-942"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002199"
},
{
"db": "NVD",
"id": "CVE-2019-6559"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/107178"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6559"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6559"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76138"
},
{
"trust": 0.3,
"url": "http://www.moxastore.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06059"
},
{
"db": "VULHUB",
"id": "VHN-157994"
},
{
"db": "VULMON",
"id": "CVE-2019-6559"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002199"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-942"
},
{
"db": "NVD",
"id": "CVE-2019-6559"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
},
{
"db": "CNVD",
"id": "CNVD-2019-06059"
},
{
"db": "VULHUB",
"id": "VHN-157994"
},
{
"db": "VULMON",
"id": "CVE-2019-6559"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002199"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-942"
},
{
"db": "NVD",
"id": "CVE-2019-6559"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-04T00:00:00",
"db": "IVD",
"id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
},
{
"date": "2019-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06059"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-157994"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6559"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002199"
},
{
"date": "2019-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-942"
},
{
"date": "2019-03-05T20:29:00.467000",
"db": "NVD",
"id": "CVE-2019-6559"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06059"
},
{
"date": "2022-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-157994"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6559"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002199"
},
{
"date": "2019-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-942"
},
{
"date": "2024-11-21T04:46:41.670000",
"db": "NVD",
"id": "CVE-2019-6559"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-942"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS Vulnerable to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002199"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-942"
}
],
"trust": 0.8
}
}
var-201903-0187
Vulnerability from variot
Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script. Moxa IKS and EDS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. MoxaIKS and EDS are Moxa's line of industrial switches. A cross-site scripting vulnerability exists in the MoxaIKS and EDS series. The vulnerability stems from a failure to properly validate user input. An attacker could exploit this vulnerability for a cross-site scripting attack. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0187",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-408a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-510a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.5"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "iks-g6824a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iks g6824a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 405a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 408a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510a",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
},
{
"db": "CNVD",
"id": "CNVD-2019-06178"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002201"
},
{
"db": "NVD",
"id": "CVE-2019-6565"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002201"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-961"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6565",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-6565",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-06178",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-158000",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-6565",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-6565",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6565",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-6565",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-06178",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-961",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-158000",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6565",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
},
{
"db": "CNVD",
"id": "CNVD-2019-06178"
},
{
"db": "VULHUB",
"id": "VHN-158000"
},
{
"db": "VULMON",
"id": "CVE-2019-6565"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002201"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-961"
},
{
"db": "NVD",
"id": "CVE-2019-6565"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script. Moxa IKS and EDS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. A cross-site scripting vulnerability exists in the MoxaIKS and EDS series. The vulnerability stems from a failure to properly validate user input. An attacker could exploit this vulnerability for a cross-site scripting attack. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. Multiple denial-of-service vulnerabilities\n7. A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6565"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002201"
},
{
"db": "CNVD",
"id": "CNVD-2019-06178"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "IVD",
"id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
},
{
"db": "VULHUB",
"id": "VHN-158000"
},
{
"db": "VULMON",
"id": "CVE-2019-6565"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6565",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-057-01",
"trust": 3.5
},
{
"db": "BID",
"id": "107178",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201902-961",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-06178",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002201",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0597",
"trust": 0.6
},
{
"db": "IVD",
"id": "709E83C1-C0D8-464A-B6C8-07E965AE9B94",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-158000",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6565",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
},
{
"db": "CNVD",
"id": "CNVD-2019-06178"
},
{
"db": "VULHUB",
"id": "VHN-158000"
},
{
"db": "VULMON",
"id": "CVE-2019-6565"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002201"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-961"
},
{
"db": "NVD",
"id": "CVE-2019-6565"
}
]
},
"id": "VAR-201903-0187",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
},
{
"db": "CNVD",
"id": "CNVD-2019-06178"
},
{
"db": "VULHUB",
"id": "VHN-158000"
}
],
"trust": 1.61445105
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
},
{
"db": "CNVD",
"id": "CNVD-2019-06178"
}
]
},
"last_update_date": "2024-11-23T21:52:28.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.moxa.com/en/"
},
{
"title": "Patch for MoxaIKS and EDS Cross-Site Scripting Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/155215"
},
{
"title": "Multiple Moxa Fixes for product cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89676"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002201"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-961"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158000"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002201"
},
{
"db": "NVD",
"id": "CVE-2019-6565"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/107178"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6565"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6565"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76138"
},
{
"trust": 0.3,
"url": "http://www.moxastore.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06178"
},
{
"db": "VULHUB",
"id": "VHN-158000"
},
{
"db": "VULMON",
"id": "CVE-2019-6565"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002201"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-961"
},
{
"db": "NVD",
"id": "CVE-2019-6565"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
},
{
"db": "CNVD",
"id": "CNVD-2019-06178"
},
{
"db": "VULHUB",
"id": "VHN-158000"
},
{
"db": "VULMON",
"id": "CVE-2019-6565"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002201"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-961"
},
{
"db": "NVD",
"id": "CVE-2019-6565"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-05T00:00:00",
"db": "IVD",
"id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
},
{
"date": "2019-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06178"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-158000"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6565"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002201"
},
{
"date": "2019-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-961"
},
{
"date": "2019-03-05T20:29:00.577000",
"db": "NVD",
"id": "CVE-2019-6565"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06178"
},
{
"date": "2022-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-158000"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6565"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002201"
},
{
"date": "2019-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-961"
},
{
"date": "2024-11-21T04:46:42.397000",
"db": "NVD",
"id": "CVE-2019-6565"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-961"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002201"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-961"
}
],
"trust": 0.6
}
}
var-201903-0178
Vulnerability from variot
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. Moxa IKS and EDS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa's line of industrial switches. MoxaIKS and EDS series have excessive certification attempts to limit the vulnerability. An attacker can exploit the vulnerability to discover passwords through brute force attacks. Moxa IKS and EDS are prone to following security vulnerabilities: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch. A security vulnerability exists in several Moxa products due to the program not adequately limiting the number of authentication requests
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-408a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-510a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.5"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "iks-g6824a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iks g6824a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 405a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 408a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510a",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "1b1fb0ed-df65-4062-818e-9ac627102377"
},
{
"db": "CNVD",
"id": "CNVD-2019-06054"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002346"
},
{
"db": "NVD",
"id": "CVE-2019-6524"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002346"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-955"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6524",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6524",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-06054",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "1b1fb0ed-df65-4062-818e-9ac627102377",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-157959",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6524",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6524",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6524",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-6524",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-06054",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-955",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "1b1fb0ed-df65-4062-818e-9ac627102377",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-157959",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6524",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1b1fb0ed-df65-4062-818e-9ac627102377"
},
{
"db": "CNVD",
"id": "CNVD-2019-06054"
},
{
"db": "VULHUB",
"id": "VHN-157959"
},
{
"db": "VULMON",
"id": "CVE-2019-6524"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002346"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-955"
},
{
"db": "NVD",
"id": "CVE-2019-6524"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. Moxa IKS and EDS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. MoxaIKS and EDS series have excessive certification attempts to limit the vulnerability. An attacker can exploit the vulnerability to discover passwords through brute force attacks. Moxa IKS and EDS are prone to following security vulnerabilities:\n1. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7. A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch. A security vulnerability exists in several Moxa products due to the program not adequately limiting the number of authentication requests",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6524"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002346"
},
{
"db": "CNVD",
"id": "CNVD-2019-06054"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "IVD",
"id": "1b1fb0ed-df65-4062-818e-9ac627102377"
},
{
"db": "VULHUB",
"id": "VHN-157959"
},
{
"db": "VULMON",
"id": "CVE-2019-6524"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6524",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-057-01",
"trust": 3.5
},
{
"db": "BID",
"id": "107178",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201902-955",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-06054",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002346",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0597",
"trust": 0.6
},
{
"db": "IVD",
"id": "1B1FB0ED-DF65-4062-818E-9AC627102377",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157959",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6524",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1b1fb0ed-df65-4062-818e-9ac627102377"
},
{
"db": "CNVD",
"id": "CNVD-2019-06054"
},
{
"db": "VULHUB",
"id": "VHN-157959"
},
{
"db": "VULMON",
"id": "CVE-2019-6524"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002346"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-955"
},
{
"db": "NVD",
"id": "CVE-2019-6524"
}
]
},
"id": "VAR-201903-0178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1b1fb0ed-df65-4062-818e-9ac627102377"
},
{
"db": "CNVD",
"id": "CNVD-2019-06054"
},
{
"db": "VULHUB",
"id": "VHN-157959"
}
],
"trust": 1.61445105
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "1b1fb0ed-df65-4062-818e-9ac627102377"
},
{
"db": "CNVD",
"id": "CNVD-2019-06054"
}
]
},
"last_update_date": "2024-11-23T21:52:28.121000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.moxa.com/"
},
{
"title": "MoxaIKS and EDS over-certification attempts to improperly limit the patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/155125"
},
{
"title": "Multiple Moxa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89672"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06054"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002346"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-955"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157959"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002346"
},
{
"db": "NVD",
"id": "CVE-2019-6524"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/107178"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6524"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6524"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76138"
},
{
"trust": 0.3,
"url": "http://www.moxastore.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/307.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06054"
},
{
"db": "VULHUB",
"id": "VHN-157959"
},
{
"db": "VULMON",
"id": "CVE-2019-6524"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002346"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-955"
},
{
"db": "NVD",
"id": "CVE-2019-6524"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1b1fb0ed-df65-4062-818e-9ac627102377"
},
{
"db": "CNVD",
"id": "CNVD-2019-06054"
},
{
"db": "VULHUB",
"id": "VHN-157959"
},
{
"db": "VULMON",
"id": "CVE-2019-6524"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002346"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-955"
},
{
"db": "NVD",
"id": "CVE-2019-6524"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-04T00:00:00",
"db": "IVD",
"id": "1b1fb0ed-df65-4062-818e-9ac627102377"
},
{
"date": "2019-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06054"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-157959"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6524"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002346"
},
{
"date": "2019-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-955"
},
{
"date": "2019-03-05T20:29:00.357000",
"db": "NVD",
"id": "CVE-2019-6524"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06054"
},
{
"date": "2020-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-157959"
},
{
"date": "2020-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6524"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002346"
},
{
"date": "2020-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-955"
},
{
"date": "2024-11-21T04:46:37.530000",
"db": "NVD",
"id": "CVE-2019-6524"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-955"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002346"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-955"
}
],
"trust": 0.6
}
}
var-201903-0185
Vulnerability from variot
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. MoxaIKS and EDS are Moxa's line of industrial switches. An attacker could exploit the vulnerability to perform unauthorized actions on the device. Moxa IKS and EDS are prone to following security vulnerabilities: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0185",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-408a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-510a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.5"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "iks-g6824a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iks g6824a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 405a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 408a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510a",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ed923030-6378-4e47-850e-003a04af5c17"
},
{
"db": "CNVD",
"id": "CNVD-2019-06177"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002200"
},
{
"db": "NVD",
"id": "CVE-2019-6561"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002200"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-964"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6561",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-6561",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-06177",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "ed923030-6378-4e47-850e-003a04af5c17",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-157996",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-6561",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6561",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6561",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6561",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-06177",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-964",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ed923030-6378-4e47-850e-003a04af5c17",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-157996",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6561",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ed923030-6378-4e47-850e-003a04af5c17"
},
{
"db": "CNVD",
"id": "CNVD-2019-06177"
},
{
"db": "VULHUB",
"id": "VHN-157996"
},
{
"db": "VULMON",
"id": "CVE-2019-6561"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002200"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-964"
},
{
"db": "NVD",
"id": "CVE-2019-6561"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. An attacker could exploit the vulnerability to perform unauthorized actions on the device. Moxa IKS and EDS are prone to following security vulnerabilities:\n1. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7. A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6561"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002200"
},
{
"db": "CNVD",
"id": "CNVD-2019-06177"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "IVD",
"id": "ed923030-6378-4e47-850e-003a04af5c17"
},
{
"db": "VULHUB",
"id": "VHN-157996"
},
{
"db": "VULMON",
"id": "CVE-2019-6561"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6561",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-057-01",
"trust": 3.5
},
{
"db": "BID",
"id": "107178",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201902-964",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-06177",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002200",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0597",
"trust": 0.6
},
{
"db": "IVD",
"id": "ED923030-6378-4E47-850E-003A04AF5C17",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157996",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6561",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ed923030-6378-4e47-850e-003a04af5c17"
},
{
"db": "CNVD",
"id": "CNVD-2019-06177"
},
{
"db": "VULHUB",
"id": "VHN-157996"
},
{
"db": "VULMON",
"id": "CVE-2019-6561"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002200"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-964"
},
{
"db": "NVD",
"id": "CVE-2019-6561"
}
]
},
"id": "VAR-201903-0185",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ed923030-6378-4e47-850e-003a04af5c17"
},
{
"db": "CNVD",
"id": "CNVD-2019-06177"
},
{
"db": "VULHUB",
"id": "VHN-157996"
}
],
"trust": 1.61445105
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ed923030-6378-4e47-850e-003a04af5c17"
},
{
"db": "CNVD",
"id": "CNVD-2019-06177"
}
]
},
"last_update_date": "2024-11-23T21:52:28.078000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.moxa.com/en/"
},
{
"title": "Patch for MoxaIKS and EDS cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/155221"
},
{
"title": "Multiple Moxa Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89679"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06177"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002200"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-964"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157996"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002200"
},
{
"db": "NVD",
"id": "CVE-2019-6561"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/107178"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6561"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6561"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76138"
},
{
"trust": 0.3,
"url": "http://www.moxastore.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06177"
},
{
"db": "VULHUB",
"id": "VHN-157996"
},
{
"db": "VULMON",
"id": "CVE-2019-6561"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002200"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-964"
},
{
"db": "NVD",
"id": "CVE-2019-6561"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ed923030-6378-4e47-850e-003a04af5c17"
},
{
"db": "CNVD",
"id": "CNVD-2019-06177"
},
{
"db": "VULHUB",
"id": "VHN-157996"
},
{
"db": "VULMON",
"id": "CVE-2019-6561"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002200"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-964"
},
{
"db": "NVD",
"id": "CVE-2019-6561"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-05T00:00:00",
"db": "IVD",
"id": "ed923030-6378-4e47-850e-003a04af5c17"
},
{
"date": "2019-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06177"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-157996"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6561"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002200"
},
{
"date": "2019-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-964"
},
{
"date": "2019-03-05T20:29:00.513000",
"db": "NVD",
"id": "CVE-2019-6561"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06177"
},
{
"date": "2022-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-157996"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6561"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002200"
},
{
"date": "2019-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-964"
},
{
"date": "2024-11-21T04:46:41.923000",
"db": "NVD",
"id": "CVE-2019-6561"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-964"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002200"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-964"
}
],
"trust": 0.6
}
}
var-201903-0174
Vulnerability from variot
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. Moxa IKS and EDS Contains an information disclosure vulnerability.Information may be obtained. MoxaIKS and EDS are Moxa's line of industrial switches. There are plaintext password storage vulnerabilities in MoxaIKS and EDS series. The vulnerability stems from the program storing passwords in clear text. An attacker could exploit this vulnerability to read sensitive information. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0174",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-408a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-510a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a series",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.5"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "iks-g6824a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iks g6824a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 405a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 408a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510a",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
},
{
"db": "CNVD",
"id": "CNVD-2019-06057"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002364"
},
{
"db": "NVD",
"id": "CVE-2019-6518"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002364"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-946"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6518",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6518",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-06057",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "40881acb-846b-4c5b-831c-2d62dd81f1df",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-157953",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6518",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6518",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6518",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6518",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-06057",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-946",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "40881acb-846b-4c5b-831c-2d62dd81f1df",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-157953",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6518",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
},
{
"db": "CNVD",
"id": "CNVD-2019-06057"
},
{
"db": "VULHUB",
"id": "VHN-157953"
},
{
"db": "VULMON",
"id": "CVE-2019-6518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002364"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-946"
},
{
"db": "NVD",
"id": "CVE-2019-6518"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. Moxa IKS and EDS Contains an information disclosure vulnerability.Information may be obtained. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. There are plaintext password storage vulnerabilities in MoxaIKS and EDS series. The vulnerability stems from the program storing passwords in clear text. An attacker could exploit this vulnerability to read sensitive information. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7. A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002364"
},
{
"db": "CNVD",
"id": "CNVD-2019-06057"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "IVD",
"id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
},
{
"db": "VULHUB",
"id": "VHN-157953"
},
{
"db": "VULMON",
"id": "CVE-2019-6518"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6518",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-057-01",
"trust": 3.5
},
{
"db": "BID",
"id": "107178",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201902-946",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-06057",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002364",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0597",
"trust": 0.6
},
{
"db": "IVD",
"id": "40881ACB-846B-4C5B-831C-2D62DD81F1DF",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157953",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6518",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
},
{
"db": "CNVD",
"id": "CNVD-2019-06057"
},
{
"db": "VULHUB",
"id": "VHN-157953"
},
{
"db": "VULMON",
"id": "CVE-2019-6518"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002364"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-946"
},
{
"db": "NVD",
"id": "CVE-2019-6518"
}
]
},
"id": "VAR-201903-0174",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
},
{
"db": "CNVD",
"id": "CNVD-2019-06057"
},
{
"db": "VULHUB",
"id": "VHN-157953"
}
],
"trust": 1.61445105
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
},
{
"db": "CNVD",
"id": "CNVD-2019-06057"
}
]
},
"last_update_date": "2024-11-23T21:52:28.444000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.moxa.com/en/"
},
{
"title": "Patch for MoxaIKS and EDS plaintext password storage vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/155119"
},
{
"title": "Multiple Moxa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89664"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06057"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002364"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-946"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.1
},
{
"problemtype": "CWE-256",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157953"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002364"
},
{
"db": "NVD",
"id": "CVE-2019-6518"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/107178"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6518"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6518"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76138"
},
{
"trust": 0.3,
"url": "http://www.moxastore.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/311.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06057"
},
{
"db": "VULHUB",
"id": "VHN-157953"
},
{
"db": "VULMON",
"id": "CVE-2019-6518"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002364"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-946"
},
{
"db": "NVD",
"id": "CVE-2019-6518"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
},
{
"db": "CNVD",
"id": "CNVD-2019-06057"
},
{
"db": "VULHUB",
"id": "VHN-157953"
},
{
"db": "VULMON",
"id": "CVE-2019-6518"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002364"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-946"
},
{
"db": "NVD",
"id": "CVE-2019-6518"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-04T00:00:00",
"db": "IVD",
"id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
},
{
"date": "2019-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06057"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULHUB",
"id": "VHN-157953"
},
{
"date": "2019-03-05T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6518"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002364"
},
{
"date": "2019-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-946"
},
{
"date": "2019-03-05T20:29:00.263000",
"db": "NVD",
"id": "CVE-2019-6518"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06057"
},
{
"date": "2020-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-157953"
},
{
"date": "2020-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6518"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002364"
},
{
"date": "2020-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-946"
},
{
"date": "2024-11-21T04:46:36.780000",
"db": "NVD",
"id": "CVE-2019-6518"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-946"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS and EDS Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002364"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-946"
}
],
"trust": 0.6
}
}
var-201904-1553
Vulnerability from variot
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password. plural Moxa There are vulnerabilities related to certificate and password management and encryption in the product.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa's line of industrial switches. MoxaIKS and EDS series lack sensitive data for encryption holes. The vulnerability stems from the fact that these devices transmit sensitive data in clear text. An attacker could exploit this vulnerability to capture sensitive data such as administrative passwords. Moxa IKS and EDS are prone to following security vulnerabilities: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch. Encryption issues exist in several Moxa products. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-1553",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a series",
"scope": "lte",
"trust": 0.8,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a series",
"scope": "lte",
"trust": 0.8,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-510a series",
"scope": "lte",
"trust": 0.8,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "iks-g6824a series",
"scope": "lte",
"trust": 0.8,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "iks-g6824a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.5"
},
{
"model": "eds-405a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-408a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "eds-510a",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.8"
},
{
"model": "iks-g6824a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "4.5"
},
{
"model": "eds-510a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-408a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": "eds-405a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "3.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iks g6824a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 405a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 408a",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510a",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
},
{
"db": "CNVD",
"id": "CNVD-2019-06055"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003395"
},
{
"db": "NVD",
"id": "CVE-2019-6526"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003395"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "and Vyacheslav Moskvin of Positive Technologies Security,Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-953"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6526",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6526",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2019-06055",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-157961",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6526",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6526",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6526",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-6526",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-06055",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-953",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-157961",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6526",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
},
{
"db": "CNVD",
"id": "CNVD-2019-06055"
},
{
"db": "VULHUB",
"id": "VHN-157961"
},
{
"db": "VULMON",
"id": "CVE-2019-6526"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003395"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-953"
},
{
"db": "NVD",
"id": "CVE-2019-6526"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password. plural Moxa There are vulnerabilities related to certificate and password management and encryption in the product.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. MoxaIKS and EDS series lack sensitive data for encryption holes. The vulnerability stems from the fact that these devices transmit sensitive data in clear text. An attacker could exploit this vulnerability to capture sensitive data such as administrative passwords. Moxa IKS and EDS are prone to following security vulnerabilities:\n1. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7. A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch. Encryption issues exist in several Moxa products. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6526"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003395"
},
{
"db": "CNVD",
"id": "CNVD-2019-06055"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "IVD",
"id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
},
{
"db": "VULHUB",
"id": "VHN-157961"
},
{
"db": "VULMON",
"id": "CVE-2019-6526"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6526",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-057-01",
"trust": 3.5
},
{
"db": "CNNVD",
"id": "CNNVD-201902-953",
"trust": 0.9
},
{
"db": "BID",
"id": "107178",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-06055",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003395",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0597",
"trust": 0.6
},
{
"db": "IVD",
"id": "08B8F9FE-72AD-4D47-BF81-C57B81A839E4",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157961",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6526",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
},
{
"db": "CNVD",
"id": "CNVD-2019-06055"
},
{
"db": "VULHUB",
"id": "VHN-157961"
},
{
"db": "VULMON",
"id": "CVE-2019-6526"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003395"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-953"
},
{
"db": "NVD",
"id": "CVE-2019-6526"
}
]
},
"id": "VAR-201904-1553",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
},
{
"db": "CNVD",
"id": "CNVD-2019-06055"
},
{
"db": "VULHUB",
"id": "VHN-157961"
}
],
"trust": 1.61445105
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
},
{
"db": "CNVD",
"id": "CNVD-2019-06055"
}
]
},
"last_update_date": "2024-11-23T21:52:28.222000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.moxa.com/en/"
},
{
"title": "MoxaIKS and EDS sensitive data lack patches for encryption vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/155123"
},
{
"title": "Multiple Moxa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89670"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06055"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003395"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-953"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-311",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157961"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003395"
},
{
"db": "NVD",
"id": "CVE-2019-6526"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6526"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6526"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76138"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/107178"
},
{
"trust": 0.3,
"url": "http://www.moxastore.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-06055"
},
{
"db": "VULHUB",
"id": "VHN-157961"
},
{
"db": "VULMON",
"id": "CVE-2019-6526"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003395"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-953"
},
{
"db": "NVD",
"id": "CVE-2019-6526"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
},
{
"db": "CNVD",
"id": "CNVD-2019-06055"
},
{
"db": "VULHUB",
"id": "VHN-157961"
},
{
"db": "VULMON",
"id": "CVE-2019-6526"
},
{
"db": "BID",
"id": "107178"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003395"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-953"
},
{
"db": "NVD",
"id": "CVE-2019-6526"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-04T00:00:00",
"db": "IVD",
"id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
},
{
"date": "2019-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06055"
},
{
"date": "2019-04-15T00:00:00",
"db": "VULHUB",
"id": "VHN-157961"
},
{
"date": "2019-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6526"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003395"
},
{
"date": "2019-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-953"
},
{
"date": "2019-04-15T12:31:42.447000",
"db": "NVD",
"id": "CVE-2019-6526"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-06055"
},
{
"date": "2021-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-157961"
},
{
"date": "2021-11-03T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6526"
},
{
"date": "2019-02-26T00:00:00",
"db": "BID",
"id": "107178"
},
{
"date": "2019-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003395"
},
{
"date": "2021-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-953"
},
{
"date": "2024-11-21T04:46:37.790000",
"db": "NVD",
"id": "CVE-2019-6526"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-953"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa Vulnerabilities related to certificate and password management in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003395"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-953"
}
],
"trust": 0.6
}
}
cve-2024-9137
Vulnerability from cvelistv5
Published
2024-10-14 08:09
Modified
2025-01-17 07:36
Severity ?
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
EPSS score ?
Summary
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g9010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nat-102",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:tn-4900:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tn-4900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:oncell_g4302-lte4:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oncell_g4302-lte4",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edf-g1002-bp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edf-g1002-bp",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9004:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g9004",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-8010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-8010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-14T15:27:27.483068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T14:32:26.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EDR-8010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9004 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDF-G1002-BP Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OnCell G4302-LTE4 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-608 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-611 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-616 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-619 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-405A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-408A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-505A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-516A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G509 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-528E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G508E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G512E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G516E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P506E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7526A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7528A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7748A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7750A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7752A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7826A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7828A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7848A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7850A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7852A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6524A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6726A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6728A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6824A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4500A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-5500A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G4500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G6500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lars Haulin"
}
],
"datePublic": "2024-10-14T08:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.\u003c/p\u003e"
}
],
"value": "The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise."
}
],
"impacts": [
{
"capecId": "CAPEC-216",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-216 Communication Channel Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T07:36:41.866Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please refer to the security advisories:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances\"\u003eMissing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches\"\u003eCVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Please refer to the security advisories:\n * Missing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances \n\n * CVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Moxa Service Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo mitigate the risks associated with this vulnerability, we recommend the following actions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDisable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to the \u003cem\u003eGeneral Security Best Practices\u003c/em\u003e\u0026nbsp;section to further strengthen your security posture.\u003c/p\u003e"
}
],
"value": "To mitigate the risks associated with this vulnerability, we recommend the following actions:\n\n * Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\n\n\nRefer to the General Security Best Practices\u00a0section to further strengthen your security posture."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-9137",
"datePublished": "2024-10-14T08:09:22.689Z",
"dateReserved": "2024-09-24T07:11:35.456Z",
"dateUpdated": "2025-01-17T07:36:41.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7695
Vulnerability from cvelistv5
Published
2025-01-29 07:42
Modified
2025-02-22 14:48
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack.
References
| â–¼ | URL | Tags |
|---|---|---|
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches | vendor-advisory | |
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches | vendor-advisory | |
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240164-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-en-50155-switches | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| â–¼ | Moxa | PT-7728 Series |
Version: 1.0 < |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T14:21:18.811300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:51:14.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-608 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-611 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-616 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-619 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-405A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-408A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-505A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-516A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G509 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-528E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G508E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G512E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G516E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P506E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7526A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7528A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7748A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7750A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7752A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7826A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7828A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7848A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7850A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7852A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6524A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6726A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6728A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6824A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G4500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G6500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. \u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100: Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-22T14:48:56.211Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240164-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-en-50155-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please refer to the security advisories:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches\"\u003eCVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches\"\u003eCVE-2024-7695: Out-of-bounds Write Vulnerability in Multiple EDS, ICS, IKS, and SDS Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003eCVE-2024-7695: Out-of-bounds Write Vulnerability Identified in EN 50155 Switches\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Please refer to the security advisories:\n * CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches \n\n * CVE-2024-7695: Out-of-bounds Write Vulnerability in Multiple EDS, ICS, IKS, and SDS Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches \n\n * CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in EN 50155 Switches"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Out-of-bounds Write Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eTo mitigate the risks associated with this vulnerability, we recommend the following actions: \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eDisable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
}
],
"value": "To mitigate the risks associated with this vulnerability, we recommend the following actions: \n\n\n\n * Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-7695",
"datePublished": "2025-01-29T07:42:54.913Z",
"dateReserved": "2024-08-12T03:06:13.231Z",
"dateUpdated": "2025-02-22T14:48:56.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9404
Vulnerability from cvelistv5
Published
2024-12-04 03:54
Modified
2025-02-20 01:56
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
Summary
This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.
References
| â–¼ | URL | Tags |
|---|---|---|
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series | vendor-advisory | |
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches | vendor-advisory | |
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240933-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-pt-switches | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| â–¼ | Moxa | VPort 07-3 Series |
Version: 1.0 < |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T20:10:01.447858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T21:04:30.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VPort 07-3 Series",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-608 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-611 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-616 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-619 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-405A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-408A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-505A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-516A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G509 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-528E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G508E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G512E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G516E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P506E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7526A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7528A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7748A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7750A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7752A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7826A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7828A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7848A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7850A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7852A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6524A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6726A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6728A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6824A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "YU-HSIANG HUANG (huang.yuhsiang.phone@gmail.com) from Moxa\u0027s cybersecurity testing team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems."
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6: Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Limited Impact: In some cases, the vulnerability may only cause the network server service (HTTPS on port 443) to restart. This does not disrupt the device\u2019s core functions, and after an automatic restart, the service resumes normal operation."
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Limited Impact: In some cases, the vulnerability may only cause the network server service (HTTPS on port 443) to restart. This does not disrupt the device\u2019s core functions, and after an automatic restart, the service resumes normal operation."
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Higher Impact: In more severe exploitation scenarios, attackers can leverage the Moxa service (moxa_cmd), originally intended for deployment purposes. Due to insufficient input validation, this can lead to a cold start or a denial-of-service (DoS) condition, resulting in a full device reboot and potential service disruptions."
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Higher Impact: In more severe exploitation scenarios, attackers can leverage the Moxa service (moxa_cmd), originally intended for deployment purposes. Due to insufficient input validation, this can lead to a cold start or a denial-of-service (DoS) condition, resulting in a full device reboot and potential service disruptions."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T01:56:28.176Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240933-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-pt-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePlease refer to the security advisories:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series\"\u003eCVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches\"\u003eCVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple EDS, ICS, IKS, and SDS Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003eCVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Please refer to the security advisories:\n\n\n * CVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series \n\n * CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple EDS, ICS, IKS, and SDS Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches \n\n * CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo mitigate the risks\nassociated with this vulnerability, we recommend the following actions:\u003c/p\u003e\n\n\u003cul\u003e\n \u003cli\u003eDisable Moxa Service and Moxa Service\n (Encrypted) temporarily if they are not required for operations. This will\n minimize potential attack vectors until a patch or updated firmware is\n applied.\u003c/li\u003e\n\u003c/ul\u003e"
}
],
"value": "To mitigate the risks\nassociated with this vulnerability, we recommend the following actions:\n\n\n\n\n * Disable Moxa Service and Moxa Service\n (Encrypted) temporarily if they are not required for operations. This will\n minimize potential attack vectors until a patch or updated firmware is\n applied."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-9404",
"datePublished": "2024-12-04T03:54:32.073Z",
"dateReserved": "2024-10-01T06:37:38.790Z",
"dateUpdated": "2025-02-20T01:56:28.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}