Vulnerabilites related to Moxa - EDS-G516E Series
var-202003-1674
Vulnerability from variot
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service. Moxa EDS-G516E A series firmware contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1674",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-g516e",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-g516e",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": "eds-g516e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds g516e",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510e",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "dd888719-4ba2-4dfa-b117-2597af1780e1"
},
{
"db": "CNVD",
"id": "CNVD-2020-13515"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003172"
},
{
"db": "NVD",
"id": "CVE-2020-7007"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-510e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-g516e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003172"
}
]
},
"cve": "CVE-2020-7007",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-7007",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-003172",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13515",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "dd888719-4ba2-4dfa-b117-2597af1780e1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-7007",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003172",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7007",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-003172",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-13515",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1163",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "dd888719-4ba2-4dfa-b117-2597af1780e1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "dd888719-4ba2-4dfa-b117-2597af1780e1"
},
{
"db": "CNVD",
"id": "CNVD-2020-13515"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003172"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1163"
},
{
"db": "NVD",
"id": "CVE-2020-7007"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service. Moxa EDS-G516E A series firmware contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7007"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003172"
},
{
"db": "CNVD",
"id": "CNVD-2020-13515"
},
{
"db": "IVD",
"id": "dd888719-4ba2-4dfa-b117-2597af1780e1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7007",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-056-04",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-13515",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1163",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003172",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0726",
"trust": 0.6
},
{
"db": "IVD",
"id": "DD888719-4BA2-4DFA-B117-2597AF1780E1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "dd888719-4ba2-4dfa-b117-2597af1780e1"
},
{
"db": "CNVD",
"id": "CNVD-2020-13515"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003172"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1163"
},
{
"db": "NVD",
"id": "CVE-2020-7007"
}
]
},
"id": "VAR-202003-1674",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "dd888719-4ba2-4dfa-b117-2597af1780e1"
},
{
"db": "CNVD",
"id": "CNVD-2020-13515"
}
],
"trust": 1.6518518666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "dd888719-4ba2-4dfa-b117-2597af1780e1"
},
{
"db": "CNVD",
"id": "CNVD-2020-13515"
}
]
},
"last_update_date": "2024-11-23T21:36:01.626000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-G516E Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/ethernet-switches/layer-2-managed-switches/eds-g516e-series"
},
{
"title": "Patch for Moxa EDS-G516E and EDS-510E series Buffer Overflow Vulnerability (CNVD-2020-13515)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/204831"
},
{
"title": "Moxa EDS-G516E and EDS-510E Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110363"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13515"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003172"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1163"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003172"
},
{
"db": "NVD",
"id": "CVE-2020-7007"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7007"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7007"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0726/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13515"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003172"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1163"
},
{
"db": "NVD",
"id": "CVE-2020-7007"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "dd888719-4ba2-4dfa-b117-2597af1780e1"
},
{
"db": "CNVD",
"id": "CNVD-2020-13515"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003172"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1163"
},
{
"db": "NVD",
"id": "CVE-2020-7007"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "IVD",
"id": "dd888719-4ba2-4dfa-b117-2597af1780e1"
},
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13515"
},
{
"date": "2020-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003172"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1163"
},
{
"date": "2020-03-24T21:15:15.300000",
"db": "NVD",
"id": "CVE-2020-7007"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13515"
},
{
"date": "2020-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003172"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1163"
},
{
"date": "2024-11-21T05:36:28.860000",
"db": "NVD",
"id": "CVE-2020-7007"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1163"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDS-G516E Out-of-bounds write vulnerabilities in series firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003172"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "dd888719-4ba2-4dfa-b117-2597af1780e1"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1163"
}
],
"trust": 0.8
}
}
var-202003-1599
Vulnerability from variot
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. Moxa EDS-G516E A vulnerability exists in the series firmware regarding the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1599",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-g516e",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-g516e",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": "eds-g516e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds g516e",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510e",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "255e7d54-94bc-4d44-97ee-490edf87c4ca"
},
{
"db": "CNVD",
"id": "CNVD-2020-13518"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003311"
},
{
"db": "NVD",
"id": "CVE-2020-6981"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-510e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-g516e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003311"
}
]
},
"cve": "CVE-2020-6981",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-6981",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-003311",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13518",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "255e7d54-94bc-4d44-97ee-490edf87c4ca",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-6981",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003311",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-6981",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-003311",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-13518",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1160",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "255e7d54-94bc-4d44-97ee-490edf87c4ca",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "255e7d54-94bc-4d44-97ee-490edf87c4ca"
},
{
"db": "CNVD",
"id": "CNVD-2020-13518"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003311"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1160"
},
{
"db": "NVD",
"id": "CVE-2020-6981"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. Moxa EDS-G516E A vulnerability exists in the series firmware regarding the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6981"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003311"
},
{
"db": "CNVD",
"id": "CNVD-2020-13518"
},
{
"db": "IVD",
"id": "255e7d54-94bc-4d44-97ee-490edf87c4ca"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6981",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-056-04",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-13518",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1160",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003311",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0726",
"trust": 0.6
},
{
"db": "IVD",
"id": "255E7D54-94BC-4D44-97EE-490EDF87C4CA",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "255e7d54-94bc-4d44-97ee-490edf87c4ca"
},
{
"db": "CNVD",
"id": "CNVD-2020-13518"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003311"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1160"
},
{
"db": "NVD",
"id": "CVE-2020-6981"
}
]
},
"id": "VAR-202003-1599",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "255e7d54-94bc-4d44-97ee-490edf87c4ca"
},
{
"db": "CNVD",
"id": "CNVD-2020-13518"
}
],
"trust": 1.6518518666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "255e7d54-94bc-4d44-97ee-490edf87c4ca"
},
{
"db": "CNVD",
"id": "CNVD-2020-13518"
}
]
},
"last_update_date": "2024-11-23T21:36:01.463000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-G516E Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/ethernet-switches/layer-2-managed-switches/eds-g516e-series"
},
{
"title": "Patch for Moxa EDS-G516E and EDS-510E series hard certificate vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/204841"
},
{
"title": "Moxa EDS-G516E and EDS-510E Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110360"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13518"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003311"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1160"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003311"
},
{
"db": "NVD",
"id": "CVE-2020-6981"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6981"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6981"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0726/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13518"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003311"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1160"
},
{
"db": "NVD",
"id": "CVE-2020-6981"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "255e7d54-94bc-4d44-97ee-490edf87c4ca"
},
{
"db": "CNVD",
"id": "CNVD-2020-13518"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003311"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1160"
},
{
"db": "NVD",
"id": "CVE-2020-6981"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "IVD",
"id": "255e7d54-94bc-4d44-97ee-490edf87c4ca"
},
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13518"
},
{
"date": "2020-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003311"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1160"
},
{
"date": "2020-03-24T21:15:14.737000",
"db": "NVD",
"id": "CVE-2020-6981"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13518"
},
{
"date": "2020-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003311"
},
{
"date": "2020-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1160"
},
{
"date": "2024-11-21T05:36:25.693000",
"db": "NVD",
"id": "CVE-2020-6981"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1160"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDS-G516E Vulnerability in using hard-coded credentials in series firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003311"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1160"
}
],
"trust": 0.6
}
}
var-202003-1614
Vulnerability from variot
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. Moxa EDS-G516E The series firmware contains a vulnerability related to the request for a weak password.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa.
Moxa's EDS-G516E and EDS-510E series have weak password vulnerabilities. Attackers can use this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1614",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-g516e",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-g516e",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": "eds-g516e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds g516e",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510e",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "3db247f7-d599-44ca-8dfb-82369bafe2c9"
},
{
"db": "CNVD",
"id": "CNVD-2020-13510"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003313"
},
{
"db": "NVD",
"id": "CVE-2020-6991"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-510e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-g516e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003313"
}
]
},
"cve": "CVE-2020-6991",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-6991",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003313",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13510",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "3db247f7-d599-44ca-8dfb-82369bafe2c9",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-6991",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003313",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-6991",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-003313",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-13510",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1158",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "3db247f7-d599-44ca-8dfb-82369bafe2c9",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3db247f7-d599-44ca-8dfb-82369bafe2c9"
},
{
"db": "CNVD",
"id": "CNVD-2020-13510"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003313"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1158"
},
{
"db": "NVD",
"id": "CVE-2020-6991"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. Moxa EDS-G516E The series firmware contains a vulnerability related to the request for a weak password.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa. \n\r\n\r\nMoxa\u0027s EDS-G516E and EDS-510E series have weak password vulnerabilities. Attackers can use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6991"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003313"
},
{
"db": "CNVD",
"id": "CNVD-2020-13510"
},
{
"db": "IVD",
"id": "3db247f7-d599-44ca-8dfb-82369bafe2c9"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6991",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-056-04",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-13510",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1158",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003313",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0726",
"trust": 0.6
},
{
"db": "IVD",
"id": "3DB247F7-D599-44CA-8DFB-82369BAFE2C9",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3db247f7-d599-44ca-8dfb-82369bafe2c9"
},
{
"db": "CNVD",
"id": "CNVD-2020-13510"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003313"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1158"
},
{
"db": "NVD",
"id": "CVE-2020-6991"
}
]
},
"id": "VAR-202003-1614",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3db247f7-d599-44ca-8dfb-82369bafe2c9"
},
{
"db": "CNVD",
"id": "CNVD-2020-13510"
}
],
"trust": 1.6518518666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3db247f7-d599-44ca-8dfb-82369bafe2c9"
},
{
"db": "CNVD",
"id": "CNVD-2020-13510"
}
]
},
"last_update_date": "2024-11-23T21:36:01.562000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-G516E Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/ethernet-switches/layer-2-managed-switches/eds-g516e-series"
},
{
"title": "Patch for Moxa EDS-G516E and EDS-510E series weak password vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/204849"
},
{
"title": "Moxa EDS-G516E and EDS-510E Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110358"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13510"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003313"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1158"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003313"
},
{
"db": "NVD",
"id": "CVE-2020-6991"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6991"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6991"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0726/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13510"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003313"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1158"
},
{
"db": "NVD",
"id": "CVE-2020-6991"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3db247f7-d599-44ca-8dfb-82369bafe2c9"
},
{
"db": "CNVD",
"id": "CNVD-2020-13510"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003313"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1158"
},
{
"db": "NVD",
"id": "CVE-2020-6991"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "IVD",
"id": "3db247f7-d599-44ca-8dfb-82369bafe2c9"
},
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13510"
},
{
"date": "2020-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003313"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1158"
},
{
"date": "2020-03-24T21:15:15.020000",
"db": "NVD",
"id": "CVE-2020-6991"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13510"
},
{
"date": "2020-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003313"
},
{
"date": "2020-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1158"
},
{
"date": "2024-11-21T05:36:26.910000",
"db": "NVD",
"id": "CVE-2020-6991"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1158"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDS-G516E Vulnerability in requesting weak passwords in series firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003313"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "3db247f7-d599-44ca-8dfb-82369bafe2c9"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1158"
}
],
"trust": 0.8
}
}
var-202003-1669
Vulnerability from variot
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa.
Moxa's EDS-G516E and EDS-510E series have weak cryptographic algorithm vulnerabilities. Attackers can use this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1669",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-g516e",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-g516e",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": "eds-g516e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds g516e",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510e",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "9854f1ff-3e72-4834-a6b7-c6e49f21230a"
},
{
"db": "CNVD",
"id": "CNVD-2020-13516"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003308"
},
{
"db": "NVD",
"id": "CVE-2020-7001"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-510e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-g516e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003308"
}
]
},
"cve": "CVE-2020-7001",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-7001",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003308",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13516",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "9854f1ff-3e72-4834-a6b7-c6e49f21230a",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-7001",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003308",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7001",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003308",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-13516",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1162",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "9854f1ff-3e72-4834-a6b7-c6e49f21230a",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9854f1ff-3e72-4834-a6b7-c6e49f21230a"
},
{
"db": "CNVD",
"id": "CNVD-2020-13516"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003308"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1162"
},
{
"db": "NVD",
"id": "CVE-2020-7001"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa. \n\r\n\r\nMoxa\u0027s EDS-G516E and EDS-510E series have weak cryptographic algorithm vulnerabilities. Attackers can use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7001"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003308"
},
{
"db": "CNVD",
"id": "CNVD-2020-13516"
},
{
"db": "IVD",
"id": "9854f1ff-3e72-4834-a6b7-c6e49f21230a"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7001",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-056-04",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-13516",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1162",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003308",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0726",
"trust": 0.6
},
{
"db": "IVD",
"id": "9854F1FF-3E72-4834-A6B7-C6E49F21230A",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9854f1ff-3e72-4834-a6b7-c6e49f21230a"
},
{
"db": "CNVD",
"id": "CNVD-2020-13516"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003308"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1162"
},
{
"db": "NVD",
"id": "CVE-2020-7001"
}
]
},
"id": "VAR-202003-1669",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9854f1ff-3e72-4834-a6b7-c6e49f21230a"
},
{
"db": "CNVD",
"id": "CNVD-2020-13516"
}
],
"trust": 1.6518518666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9854f1ff-3e72-4834-a6b7-c6e49f21230a"
},
{
"db": "CNVD",
"id": "CNVD-2020-13516"
}
]
},
"last_update_date": "2024-11-23T21:36:01.531000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-G516E Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/ethernet-switches/layer-2-managed-switches/eds-g516e-series"
},
{
"title": "Patch for Moxa EDS-G516E and EDS-510E series weak password algorithm vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/204835"
},
{
"title": "Moxa EDS-G516E and EDS-510E Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110362"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13516"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003308"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1162"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003308"
},
{
"db": "NVD",
"id": "CVE-2020-7001"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7001"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7001"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0726/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13516"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003308"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1162"
},
{
"db": "NVD",
"id": "CVE-2020-7001"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9854f1ff-3e72-4834-a6b7-c6e49f21230a"
},
{
"db": "CNVD",
"id": "CNVD-2020-13516"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003308"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1162"
},
{
"db": "NVD",
"id": "CVE-2020-7001"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "IVD",
"id": "9854f1ff-3e72-4834-a6b7-c6e49f21230a"
},
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13516"
},
{
"date": "2020-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003308"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1162"
},
{
"date": "2020-03-24T21:15:15.223000",
"db": "NVD",
"id": "CVE-2020-7001"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13516"
},
{
"date": "2020-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003308"
},
{
"date": "2020-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1162"
},
{
"date": "2024-11-21T05:36:28.103000",
"db": "NVD",
"id": "CVE-2020-7001"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1162"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDS-G516E Vulnerability in using cryptographic algorithms in series firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003308"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1162"
}
],
"trust": 0.6
}
}
var-202003-1597
Vulnerability from variot
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa.
Moxa's EDS-G516E and EDS-510E series have hard-coded vulnerabilities that could be used by attackers to recover confidential data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1597",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-g516e",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-g516e",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": "eds-g516e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds g516e",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510e",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "05ac23a8-fa6a-4f54-8359-7314afd236b1"
},
{
"db": "CNVD",
"id": "CNVD-2020-13517"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003310"
},
{
"db": "NVD",
"id": "CVE-2020-6979"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-510e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-g516e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003310"
}
]
},
"cve": "CVE-2020-6979",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-6979",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003310",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13517",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "05ac23a8-fa6a-4f54-8359-7314afd236b1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-6979",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003310",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-6979",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003310",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-13517",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1161",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "05ac23a8-fa6a-4f54-8359-7314afd236b1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "05ac23a8-fa6a-4f54-8359-7314afd236b1"
},
{
"db": "CNVD",
"id": "CNVD-2020-13517"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003310"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1161"
},
{
"db": "NVD",
"id": "CVE-2020-6979"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa. \n\r\n\r\nMoxa\u0027s EDS-G516E and EDS-510E series have hard-coded vulnerabilities that could be used by attackers to recover confidential data",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003310"
},
{
"db": "CNVD",
"id": "CNVD-2020-13517"
},
{
"db": "IVD",
"id": "05ac23a8-fa6a-4f54-8359-7314afd236b1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6979",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-056-04",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-13517",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1161",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003310",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0726",
"trust": 0.6
},
{
"db": "IVD",
"id": "05AC23A8-FA6A-4F54-8359-7314AFD236B1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "05ac23a8-fa6a-4f54-8359-7314afd236b1"
},
{
"db": "CNVD",
"id": "CNVD-2020-13517"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003310"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1161"
},
{
"db": "NVD",
"id": "CVE-2020-6979"
}
]
},
"id": "VAR-202003-1597",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "05ac23a8-fa6a-4f54-8359-7314afd236b1"
},
{
"db": "CNVD",
"id": "CNVD-2020-13517"
}
],
"trust": 1.6518518666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "05ac23a8-fa6a-4f54-8359-7314afd236b1"
},
{
"db": "CNVD",
"id": "CNVD-2020-13517"
}
]
},
"last_update_date": "2024-11-23T21:36:01.658000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-G516E Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/ethernet-switches/layer-2-managed-switches/eds-g516e-series"
},
{
"title": "Patch for Moxa EDS-G516E and EDS-510E series hardcoded vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/204837"
},
{
"title": "Moxa EDS-G516E and EDS-510E Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110361"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13517"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003310"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1161"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
},
{
"problemtype": "CWE-321",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003310"
},
{
"db": "NVD",
"id": "CVE-2020-6979"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6979"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6979"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0726/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13517"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003310"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1161"
},
{
"db": "NVD",
"id": "CVE-2020-6979"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "05ac23a8-fa6a-4f54-8359-7314afd236b1"
},
{
"db": "CNVD",
"id": "CNVD-2020-13517"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003310"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1161"
},
{
"db": "NVD",
"id": "CVE-2020-6979"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "IVD",
"id": "05ac23a8-fa6a-4f54-8359-7314afd236b1"
},
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13517"
},
{
"date": "2020-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003310"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1161"
},
{
"date": "2020-03-24T21:15:14.660000",
"db": "NVD",
"id": "CVE-2020-6979"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13517"
},
{
"date": "2020-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003310"
},
{
"date": "2020-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1161"
},
{
"date": "2024-11-21T05:36:25.467000",
"db": "NVD",
"id": "CVE-2020-6979"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1161"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDS-G516E Vulnerability in using hard-coded credentials in series firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003310"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1161"
}
],
"trust": 0.6
}
}
var-202003-1612
Vulnerability from variot
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code. Moxa PT-7528 and PT-7828 A series firmware contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa.
Moxa EDS-G516E and EDS-510E series have a buffer overflow vulnerability, which can be exploited by an attacker to cause a buffer overflow
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1612",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pt-7528-8mst-16tx-4gsfp-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-16mst-8tx-4gsfp-wv-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-8mst-16tx-4gsfp-hv-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7828-f-48-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7528-24tx-wv-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-8mst-16tx-4gsfp-wv-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7828-f-24",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7528-24tx-wv-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-12mst-12tx-4gsfp-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-12mst-12tx-4gsfp-hv-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-12mst-12tx-4gsfp-wv-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7828-f-24-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7528-8msc-16tx-4gsfp-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-16mst-8tx-4gsfp-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-12msc-12tx-4gsfp-wv-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7828-r-24",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7528-8msc-16tx-4gsfp-wv-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-24tx-hv-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-12msc-12tx-4gsfp-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-16mst-8tx-4gsfp-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-24tx-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-20mst-4tx-4gsfp-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7828-r-hv-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7528-20mst-4tx-4gsfp-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7828-f-48-48",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7828-f-24-24",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7528-20mst-4tx-4gsfp-hv-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-8msc-16tx-4gsfp-hv-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-16mst-8tx-4gsfp-hv-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-20msc-4tx-4gsfp-wv-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-12mst-12tx-4gsfp-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7828-f-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7528-8mst-16tx-4gsfp-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7828-r-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7528-8ssc-16tx-4gsfp-hv-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7828-f-hv-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7528-16msc-8tx-4gsfp-wv-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-8msc-16tx-4gsfp-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7828-r-24-24",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7828-r-48-48",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7528-16msc-8tx-4gsfp-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-20msc-4tx-4gsfp-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-20msc-4tx-4gsfp-hv-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-16msc-8tx-4gsfp-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-20mst-4tx-4gsfp-wv-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-16msc-8tx-4gsfp-hv-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7828-f-48",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7828-r-48-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7828-r-48",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7528-12msc-12tx-4gsfp-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-12msc-12tx-4gsfp-hv-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-24tx-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-8ssc-16tx-4gsfp-wv-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-20msc-4tx-4gsfp-wv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7828-r-24-hv",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7528-24tx-hv",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-24tx-hv-hv",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-24tx-wv",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-24tx-wv-hv",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7528-24tx-wv-wv",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "pt-7828 f-24",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7828 f-24-24",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7828 f-24-hv",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7828 f-48",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "pt-7828 f-48-48",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.9"
},
{
"model": "eds-510e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": "eds-g516e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 24tx hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 12mst 12tx 4gsfp hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 12mst 12tx 4gsfp hv hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 12mst 12tx 4gsfp wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 12mst 12tx 4gsfp wv wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 16msc 8tx 4gsfp hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 16msc 8tx 4gsfp hv hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 16msc 8tx 4gsfp wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 16msc 8tx 4gsfp wv wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 16mst 8tx 4gsfp hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 16mst 8tx 4gsfp hv hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 24tx hv hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 16mst 8tx 4gsfp wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 16mst 8tx 4gsfp wv wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 20msc 4tx 4gsfp hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 20msc 4tx 4gsfp hv hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 20msc 4tx 4gsfp wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 20msc 4tx 4gsfp wv wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 20mst 4tx 4gsfp hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 20mst 4tx 4gsfp hv hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 20mst 4tx 4gsfp wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 20mst 4tx 4gsfp wv wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 24tx wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 8msc 16tx 4gsfp hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 8msc 16tx 4gsfp hv hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 8msc 16tx 4gsfp wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 8msc 16tx 4gsfp wv wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 8mst 16tx 4gsfp hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 8mst 16tx 4gsfp hv hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 8mst 16tx 4gsfp wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 8mst 16tx 4gsfp wv wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 8ssc 16tx 4gsfp hv hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 8ssc 16tx 4gsfp wv wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 24tx wv hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 f 24",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 f 24 24",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 f 24 hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 f 48",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 f 48 48",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 f 48 hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 f hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 f hv hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 r 24",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 r 24 24",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 24tx wv wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 r 24 hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 r 48",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 r 48 48",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 r 48 hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 r hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7828 r hv hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 12msc 12tx 4gsfp hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 12msc 12tx 4gsfp hv hv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 12msc 12tx 4gsfp wv",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pt 7528 12msc 12tx 4gsfp wv wv",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a9490cc0-bcf2-409d-bcb5-edfe1e07190b"
},
{
"db": "CNVD",
"id": "CNVD-2020-13508"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003324"
},
{
"db": "NVD",
"id": "CVE-2020-6989"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:pt-7528-24tx-hv_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:pt-7528-24tx-hv-hv_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:pt-7528-24tx-wv_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:pt-7528-24tx-wv-hv_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:pt-7528-24tx-wv-wv_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:pt-7828-f-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:pt-7828-f-24-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:pt-7828-f-24-hv_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:pt-7828-f-48_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:pt-7828-f-48-48_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003324"
}
]
},
"cve": "CVE-2020-6989",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-6989",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003324",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13508",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "a9490cc0-bcf2-409d-bcb5-edfe1e07190b",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-6989",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003324",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-6989",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-003324",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-13508",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1174",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a9490cc0-bcf2-409d-bcb5-edfe1e07190b",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-6989",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a9490cc0-bcf2-409d-bcb5-edfe1e07190b"
},
{
"db": "CNVD",
"id": "CNVD-2020-13508"
},
{
"db": "VULMON",
"id": "CVE-2020-6989"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003324"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1174"
},
{
"db": "NVD",
"id": "CVE-2020-6989"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code. Moxa PT-7528 and PT-7828 A series firmware contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa. \n\r\n\r\nMoxa EDS-G516E and EDS-510E series have a buffer overflow vulnerability, which can be exploited by an attacker to cause a buffer overflow",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6989"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003324"
},
{
"db": "CNVD",
"id": "CNVD-2020-13508"
},
{
"db": "IVD",
"id": "a9490cc0-bcf2-409d-bcb5-edfe1e07190b"
},
{
"db": "VULMON",
"id": "CVE-2020-6989"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6989",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-056-03",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2020-13508",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1174",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003324",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-056-04",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0726",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47437",
"trust": 0.6
},
{
"db": "IVD",
"id": "A9490CC0-BCF2-409D-BCB5-EDFE1E07190B",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2020-6989",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a9490cc0-bcf2-409d-bcb5-edfe1e07190b"
},
{
"db": "CNVD",
"id": "CNVD-2020-13508"
},
{
"db": "VULMON",
"id": "CVE-2020-6989"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003324"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1174"
},
{
"db": "NVD",
"id": "CVE-2020-6989"
}
]
},
"id": "VAR-202003-1612",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a9490cc0-bcf2-409d-bcb5-edfe1e07190b"
},
{
"db": "CNVD",
"id": "CNVD-2020-13508"
}
],
"trust": 1.5375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a9490cc0-bcf2-409d-bcb5-edfe1e07190b"
},
{
"db": "CNVD",
"id": "CNVD-2020-13508"
}
]
},
"last_update_date": "2024-11-23T21:36:01.726000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.moxa.com/en/"
},
{
"title": "Patch for Moxa EDS-G516E and EDS-510E series buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/204843"
},
{
"title": "Moxa PT-7528 and PT-7828 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110371"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13508"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003324"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1174"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003324"
},
{
"db": "NVD",
"id": "CVE-2020-6989"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6989"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6989"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-04"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0726/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47437"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176778"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13508"
},
{
"db": "VULMON",
"id": "CVE-2020-6989"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003324"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1174"
},
{
"db": "NVD",
"id": "CVE-2020-6989"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a9490cc0-bcf2-409d-bcb5-edfe1e07190b"
},
{
"db": "CNVD",
"id": "CNVD-2020-13508"
},
{
"db": "VULMON",
"id": "CVE-2020-6989"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003324"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1174"
},
{
"db": "NVD",
"id": "CVE-2020-6989"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "IVD",
"id": "a9490cc0-bcf2-409d-bcb5-edfe1e07190b"
},
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13508"
},
{
"date": "2020-03-24T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6989"
},
{
"date": "2020-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003324"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1174"
},
{
"date": "2020-03-24T19:15:21.400000",
"db": "NVD",
"id": "CVE-2020-6989"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13508"
},
{
"date": "2020-03-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6989"
},
{
"date": "2020-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003324"
},
{
"date": "2020-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1174"
},
{
"date": "2024-11-21T05:36:26.670000",
"db": "NVD",
"id": "CVE-2020-6989"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1174"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa PT-7528 and PT-7828 Out-of-bounds write vulnerabilities in series firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003324"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "a9490cc0-bcf2-409d-bcb5-edfe1e07190b"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1174"
}
],
"trust": 0.8
}
}
var-202003-1667
Vulnerability from variot
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa. An attacker can use this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1667",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eds-g516e",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "eds-g516e",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-510e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": "eds-g516e series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds g516e",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "eds 510e",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "eb9f01e4-ac5f-4bd0-8a5d-99327a66456f"
},
{
"db": "CNVD",
"id": "CNVD-2020-13509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003314"
},
{
"db": "NVD",
"id": "CVE-2020-6997"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-510e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:eds-g516e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003314"
}
]
},
"cve": "CVE-2020-6997",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-6997",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003314",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2020-13509",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "eb9f01e4-ac5f-4bd0-8a5d-99327a66456f",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-6997",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003314",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-6997",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003314",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-13509",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1159",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "eb9f01e4-ac5f-4bd0-8a5d-99327a66456f",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "eb9f01e4-ac5f-4bd0-8a5d-99327a66456f"
},
{
"db": "CNVD",
"id": "CNVD-2020-13509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003314"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1159"
},
{
"db": "NVD",
"id": "CVE-2020-6997"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa. An attacker can use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6997"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003314"
},
{
"db": "CNVD",
"id": "CNVD-2020-13509"
},
{
"db": "IVD",
"id": "eb9f01e4-ac5f-4bd0-8a5d-99327a66456f"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6997",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-20-056-04",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2020-13509",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1159",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003314",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.0726",
"trust": 0.6
},
{
"db": "IVD",
"id": "EB9F01E4-AC5F-4BD0-8A5D-99327A66456F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "eb9f01e4-ac5f-4bd0-8a5d-99327a66456f"
},
{
"db": "CNVD",
"id": "CNVD-2020-13509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003314"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1159"
},
{
"db": "NVD",
"id": "CVE-2020-6997"
}
]
},
"id": "VAR-202003-1667",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "eb9f01e4-ac5f-4bd0-8a5d-99327a66456f"
},
{
"db": "CNVD",
"id": "CNVD-2020-13509"
}
],
"trust": 1.6518518666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "eb9f01e4-ac5f-4bd0-8a5d-99327a66456f"
},
{
"db": "CNVD",
"id": "CNVD-2020-13509"
}
]
},
"last_update_date": "2024-11-23T21:36:01.322000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDS-G516E Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/ethernet-switches/layer-2-managed-switches/eds-g516e-series"
},
{
"title": "Patch for Moxa EDS-G516E and EDS-510E series clear text transmission vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/204847"
},
{
"title": "Moxa EDS-G516E and EDS-510E Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110792"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003314"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1159"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003314"
},
{
"db": "NVD",
"id": "CVE-2020-6997"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6997"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6997"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0726/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003314"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1159"
},
{
"db": "NVD",
"id": "CVE-2020-6997"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "eb9f01e4-ac5f-4bd0-8a5d-99327a66456f"
},
{
"db": "CNVD",
"id": "CNVD-2020-13509"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003314"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1159"
},
{
"db": "NVD",
"id": "CVE-2020-6997"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "IVD",
"id": "eb9f01e4-ac5f-4bd0-8a5d-99327a66456f"
},
{
"date": "2020-02-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13509"
},
{
"date": "2020-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003314"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1159"
},
{
"date": "2020-03-24T21:15:15.113000",
"db": "NVD",
"id": "CVE-2020-6997"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13509"
},
{
"date": "2020-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003314"
},
{
"date": "2020-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1159"
},
{
"date": "2024-11-21T05:36:27.640000",
"db": "NVD",
"id": "CVE-2020-6997"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1159"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDS-G516E Vulnerability in plaintext transmission of critical information in series firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003314"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "eb9f01e4-ac5f-4bd0-8a5d-99327a66456f"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1159"
}
],
"trust": 0.8
}
}
cve-2024-9137
Vulnerability from cvelistv5
Published
2024-10-14 08:09
Modified
2025-01-17 07:36
Severity ?
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
EPSS score ?
Summary
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g9010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nat-102",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:tn-4900:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tn-4900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:oncell_g4302-lte4:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oncell_g4302-lte4",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edf-g1002-bp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edf-g1002-bp",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9004:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g9004",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-8010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-8010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-14T15:27:27.483068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T14:32:26.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EDR-8010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9004 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDF-G1002-BP Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OnCell G4302-LTE4 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-608 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-611 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-616 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-619 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-405A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-408A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-505A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-516A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G509 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-528E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G508E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G512E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G516E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P506E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7526A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7528A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7748A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7750A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7752A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7826A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7828A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7848A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7850A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7852A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6524A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6726A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6728A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6824A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4500A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-5500A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G4500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G6500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lars Haulin"
}
],
"datePublic": "2024-10-14T08:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.\u003c/p\u003e"
}
],
"value": "The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise."
}
],
"impacts": [
{
"capecId": "CAPEC-216",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-216 Communication Channel Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T07:36:41.866Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please refer to the security advisories:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances\"\u003eMissing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches\"\u003eCVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Please refer to the security advisories:\n * Missing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances \n\n * CVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Moxa Service Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo mitigate the risks associated with this vulnerability, we recommend the following actions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDisable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to the \u003cem\u003eGeneral Security Best Practices\u003c/em\u003e\u0026nbsp;section to further strengthen your security posture.\u003c/p\u003e"
}
],
"value": "To mitigate the risks associated with this vulnerability, we recommend the following actions:\n\n * Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\n\n\nRefer to the General Security Best Practices\u00a0section to further strengthen your security posture."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-9137",
"datePublished": "2024-10-14T08:09:22.689Z",
"dateReserved": "2024-09-24T07:11:35.456Z",
"dateUpdated": "2025-01-17T07:36:41.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7695
Vulnerability from cvelistv5
Published
2025-01-29 07:42
Modified
2025-02-22 14:48
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack.
References
| â–¼ | URL | Tags |
|---|---|---|
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches | vendor-advisory | |
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches | vendor-advisory | |
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240164-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-en-50155-switches | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| â–¼ | Moxa | PT-7728 Series |
Version: 1.0 < |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T14:21:18.811300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:51:14.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-608 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-611 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-616 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-619 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-405A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-408A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-505A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-516A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G509 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-528E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G508E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G512E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G516E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P506E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7526A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7528A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7748A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7750A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7752A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7826A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7828A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7848A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7850A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7852A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6524A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6726A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6728A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6824A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G4500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-G6500 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMultiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. \u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100: Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-22T14:48:56.211Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240164-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-en-50155-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please refer to the security advisories:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches\"\u003eCVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches\"\u003eCVE-2024-7695: Out-of-bounds Write Vulnerability in Multiple EDS, ICS, IKS, and SDS Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003eCVE-2024-7695: Out-of-bounds Write Vulnerability Identified in EN 50155 Switches\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Please refer to the security advisories:\n * CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches \n\n * CVE-2024-7695: Out-of-bounds Write Vulnerability in Multiple EDS, ICS, IKS, and SDS Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240163-cve-2024-7695-out-of-bounds-write-vulnerability-in-multiple-eds,-ics,-iks,-and-sds-switches \n\n * CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in EN 50155 Switches"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Out-of-bounds Write Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eTo mitigate the risks associated with this vulnerability, we recommend the following actions: \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eDisable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
}
],
"value": "To mitigate the risks associated with this vulnerability, we recommend the following actions: \n\n\n\n * Disable Moxa Service and Moxa Service (Encrypted) temporarily if they are not required for operations. This will minimize potential attack vectors until a patch or updated firmware is applied."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-7695",
"datePublished": "2025-01-29T07:42:54.913Z",
"dateReserved": "2024-08-12T03:06:13.231Z",
"dateUpdated": "2025-02-22T14:48:56.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9404
Vulnerability from cvelistv5
Published
2024-12-04 03:54
Modified
2025-02-20 01:56
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
Summary
This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.
References
| â–¼ | URL | Tags |
|---|---|---|
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series | vendor-advisory | |
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches | vendor-advisory | |
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240933-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-pt-switches | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| â–¼ | Moxa | VPort 07-3 Series |
Version: 1.0 < |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T20:10:01.447858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T21:04:30.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VPort 07-3 Series",
"vendor": "Moxa",
"versions": [
{
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-608 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-611 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-616 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-619 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-405A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-408A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-505A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-508A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-516A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G509 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P510A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-510E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-518E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-528E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G508E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G512E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-G516E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDS-P506E Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7526A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7528A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7748A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7750A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7752A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7826A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7828A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7848A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7850A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICS-G7852A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6524A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6726A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-6728A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IKS-G6824A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3006 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3008 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SDS-G3016 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7728 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-7828 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G503 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PT-G510 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "YU-HSIANG HUANG (huang.yuhsiang.phone@gmail.com) from Moxa\u0027s cybersecurity testing team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems."
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6: Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Limited Impact: In some cases, the vulnerability may only cause the network server service (HTTPS on port 443) to restart. This does not disrupt the device\u2019s core functions, and after an automatic restart, the service resumes normal operation."
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Limited Impact: In some cases, the vulnerability may only cause the network server service (HTTPS on port 443) to restart. This does not disrupt the device\u2019s core functions, and after an automatic restart, the service resumes normal operation."
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Higher Impact: In more severe exploitation scenarios, attackers can leverage the Moxa service (moxa_cmd), originally intended for deployment purposes. Due to insufficient input validation, this can lead to a cold start or a denial-of-service (DoS) condition, resulting in a full device reboot and potential service disruptions."
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Higher Impact: In more severe exploitation scenarios, attackers can leverage the Moxa service (moxa_cmd), originally intended for deployment purposes. Due to insufficient input validation, this can lead to a cold start or a denial-of-service (DoS) condition, resulting in a full device reboot and potential service disruptions."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T01:56:28.176Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240933-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-pt-switches"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePlease refer to the security advisories:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series\"\u003eCVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches\"\u003eCVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple EDS, ICS, IKS, and SDS Switches\u003c/a\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003eCVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Please refer to the security advisories:\n\n\n * CVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series \n\n * CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple EDS, ICS, IKS, and SDS Switches https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches \n\n * CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial-of-Service Vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo mitigate the risks\nassociated with this vulnerability, we recommend the following actions:\u003c/p\u003e\n\n\u003cul\u003e\n \u003cli\u003eDisable Moxa Service and Moxa Service\n (Encrypted) temporarily if they are not required for operations. This will\n minimize potential attack vectors until a patch or updated firmware is\n applied.\u003c/li\u003e\n\u003c/ul\u003e"
}
],
"value": "To mitigate the risks\nassociated with this vulnerability, we recommend the following actions:\n\n\n\n\n * Disable Moxa Service and Moxa Service\n (Encrypted) temporarily if they are not required for operations. This will\n minimize potential attack vectors until a patch or updated firmware is\n applied."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-9404",
"datePublished": "2024-12-04T03:54:32.073Z",
"dateReserved": "2024-10-01T06:37:38.790Z",
"dateUpdated": "2025-02-20T01:56:28.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}