Vulnerabilities related to moxa - eds-510a
Vulnerability from fkie_nvd
Published
2019-03-05 20:29
Modified
2024-11-21 04:46
Summary
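Moxa IKS and EDS do not properly check authority on the server side, which results in a read-only user being able to perform arbitrary configuration changes. Note that the NVD CVSS vectors in the record below list no authentication or privileges required (Au:N, PR:N), although the description implies the attacker already holds a read-only account; weigh both when prioritising.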



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iks-g6824a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0315E6E6-AD90-4B57-8A2C-23A435CDD9A1",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iks-g6824a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A845716-E0AF-4DF3-AFAD-2D19456ACAEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-405a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24BC0C6E-9FD5-4956-8A9A-CFEB597638D7",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-405a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C5DF82-A91D-4966-A841-5B5235316ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-408a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E6E8C1-ABB6-4FA1-87BC-338131D9C8FA",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-408a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "316407E3-51E2-4622-99CE-B683B91741D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-510a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C2BF052-733D-4B18-8D4F-A8E9E27D5980",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-510a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "819581F2-3AF9-4F2A-A9D2-1BDE853C73B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes."
    },
    {
      "lang": "es",
      "value": "Moxa IKS y EDS no comprueban adecuadamente la autoridad del lado del servidor, lo que resulta en que un usuario de solo lectura sea capaz de realizar cambios arbitrarios en la configuraci\u00f3n."
    }
  ],
  "id": "CVE-2019-6520",
  "lastModified": "2024-11-21T04:46:37.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-05T20:29:00.297",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-05 20:29
Modified
2024-11-21 04:46
Summary
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iks-g6824a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0315E6E6-AD90-4B57-8A2C-23A435CDD9A1",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iks-g6824a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A845716-E0AF-4DF3-AFAD-2D19456ACAEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-405a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24BC0C6E-9FD5-4956-8A9A-CFEB597638D7",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-405a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C5DF82-A91D-4966-A841-5B5235316ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-408a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E6E8C1-ABB6-4FA1-87BC-338131D9C8FA",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-408a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "316407E3-51E2-4622-99CE-B683B91741D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-510a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C2BF052-733D-4B18-8D4F-A8E9E27D5980",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-510a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "819581F2-3AF9-4F2A-A9D2-1BDE853C73B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack."
    },
    {
      "lang": "es",
      "value": "Moxa IKS y EDS no implementan medidas suficientes para evitar m\u00faltiples intentos fallidos de autenticaci\u00f3n, lo que podr\u00eda permitir que un atacante descubra contrase\u00f1as mediante un ataque de fuerza bruta."
    }
  ],
  "id": "CVE-2019-6524",
  "lastModified": "2024-11-21T04:46:37.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-05T20:29:00.357",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-05 20:29
Modified
2024-11-21 04:46
Summary
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iks-g6824a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0315E6E6-AD90-4B57-8A2C-23A435CDD9A1",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iks-g6824a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A845716-E0AF-4DF3-AFAD-2D19456ACAEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-405a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24BC0C6E-9FD5-4956-8A9A-CFEB597638D7",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-405a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C5DF82-A91D-4966-A841-5B5235316ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-408a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E6E8C1-ABB6-4FA1-87BC-338131D9C8FA",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-408a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "316407E3-51E2-4622-99CE-B683B91741D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-510a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C2BF052-733D-4B18-8D4F-A8E9E27D5980",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-510a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "819581F2-3AF9-4F2A-A9D2-1BDE853C73B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution."
    },
    {
      "lang": "es",
      "value": "Se han identificado varias vulnerabilidades de desbordamiento de b\u00fafer en Moxa IKS y EDS, lo que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo."
    }
  ],
  "id": "CVE-2019-6557",
  "lastModified": "2024-11-21T04:46:41.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-05T20:29:00.437",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-05 20:29
Modified
2024-11-21 04:46
Summary
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iks-g6824a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0315E6E6-AD90-4B57-8A2C-23A435CDD9A1",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iks-g6824a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A845716-E0AF-4DF3-AFAD-2D19456ACAEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-405a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24BC0C6E-9FD5-4956-8A9A-CFEB597638D7",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-405a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C5DF82-A91D-4966-A841-5B5235316ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-408a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E6E8C1-ABB6-4FA1-87BC-338131D9C8FA",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-408a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "316407E3-51E2-4622-99CE-B683B91741D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-510a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C2BF052-733D-4B18-8D4F-A8E9E27D5980",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-510a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "819581F2-3AF9-4F2A-A9D2-1BDE853C73B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device."
    },
    {
      "lang": "es",
      "value": "Se ha identificado Cross-Site Request Forgery (CSRF) en Moxa IKS y EDS, lo que podr\u00eda permitir la ejecuci\u00f3n de acciones no autorizadas en el dispositivo."
    }
  ],
  "id": "CVE-2019-6561",
  "lastModified": "2024-11-21T04:46:41.923",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-05T20:29:00.513",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-05 20:29
Modified
2024-11-21 04:46
Summary
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iks-g6824a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0315E6E6-AD90-4B57-8A2C-23A435CDD9A1",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iks-g6824a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A845716-E0AF-4DF3-AFAD-2D19456ACAEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-405a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24BC0C6E-9FD5-4956-8A9A-CFEB597638D7",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-405a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C5DF82-A91D-4966-A841-5B5235316ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-408a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E6E8C1-ABB6-4FA1-87BC-338131D9C8FA",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-408a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "316407E3-51E2-4622-99CE-B683B91741D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-510a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C2BF052-733D-4B18-8D4F-A8E9E27D5980",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-510a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "819581F2-3AF9-4F2A-A9D2-1BDE853C73B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device."
    },
    {
      "lang": "es",
      "value": "Moxa IKS y EDS almacenan contrase\u00f1as en texto plano, lo que podr\u00eda permitir que alguien con acceso al dispositivo lea informaci\u00f3n sensible."
    }
  ],
  "id": "CVE-2019-6518",
  "lastModified": "2024-11-21T04:46:36.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-05T20:29:00.263",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-256"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-05 20:29
Modified
2024-11-21 04:46
Summary
Moxa IKS and EDS fail to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iks-g6824a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0315E6E6-AD90-4B57-8A2C-23A435CDD9A1",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iks-g6824a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A845716-E0AF-4DF3-AFAD-2D19456ACAEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-405a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24BC0C6E-9FD5-4956-8A9A-CFEB597638D7",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-405a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C5DF82-A91D-4966-A841-5B5235316ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-408a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E6E8C1-ABB6-4FA1-87BC-338131D9C8FA",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-408a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "316407E3-51E2-4622-99CE-B683B91741D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-510a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C2BF052-733D-4B18-8D4F-A8E9E27D5980",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-510a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "819581F2-3AF9-4F2A-A9D2-1BDE853C73B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script."
    },
    {
      "lang": "es",
      "value": "Moxa IKS y EDS no validan correctamente las entradas de usuario, lo que otorga a los atacantes, tanto autenticados como  no, la capacidad de realizar ataques XSS, lo que podr\u00eda emplearse para enviar un script malicioso."
    }
  ],
  "id": "CVE-2019-6565",
  "lastModified": "2024-11-21T04:46:42.397",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-05T20:29:00.577",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-05 20:29
Modified
2024-11-21 04:46
Summary
Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iks-g6824a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0315E6E6-AD90-4B57-8A2C-23A435CDD9A1",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iks-g6824a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A845716-E0AF-4DF3-AFAD-2D19456ACAEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-405a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24BC0C6E-9FD5-4956-8A9A-CFEB597638D7",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-405a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C5DF82-A91D-4966-A841-5B5235316ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-408a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E6E8C1-ABB6-4FA1-87BC-338131D9C8FA",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-408a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "316407E3-51E2-4622-99CE-B683B91741D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-510a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C2BF052-733D-4B18-8D4F-A8E9E27D5980",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-510a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "819581F2-3AF9-4F2A-A9D2-1BDE853C73B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash."
    },
    {
      "lang": "es",
      "value": "Moxa IKS y EDS permiten que usuarios autenticados remotos provoquen una denegaci\u00f3n de servicio (DoS) mediante un paquete especialmente manipulado, lo que podr\u00eda provocar el cierre inesperado del switch."
    }
  ],
  "id": "CVE-2019-6559",
  "lastModified": "2024-11-21T04:46:41.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-05T20:29:00.467",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-05 20:29
Modified
2024-11-21 04:46
Summary
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iks-g6824a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0315E6E6-AD90-4B57-8A2C-23A435CDD9A1",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iks-g6824a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A845716-E0AF-4DF3-AFAD-2D19456ACAEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-405a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24BC0C6E-9FD5-4956-8A9A-CFEB597638D7",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-405a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C5DF82-A91D-4966-A841-5B5235316ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-408a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E6E8C1-ABB6-4FA1-87BC-338131D9C8FA",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-408a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "316407E3-51E2-4622-99CE-B683B91741D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-510a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C2BF052-733D-4B18-8D4F-A8E9E27D5980",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-510a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "819581F2-3AF9-4F2A-A9D2-1BDE853C73B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator\u0027s password, which could lead to a full compromise of the device."
    },
    {
      "lang": "es",
      "value": "Moxa IKS y EDS generan una cookie predecible calculada con un hash MD5, lo que permite que un atacante capture la contrase\u00f1a del administrador. Esto podr\u00eda conducir al compromiso total del dispositivo."
    }
  ],
  "id": "CVE-2019-6563",
  "lastModified": "2024-11-21T04:46:42.157",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-05T20:29:00.547",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-341"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-916"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-15 12:31
Modified
2024-11-21 04:46
Summary
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iks-g6824a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0315E6E6-AD90-4B57-8A2C-23A435CDD9A1",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iks-g6824a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A845716-E0AF-4DF3-AFAD-2D19456ACAEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-405a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24BC0C6E-9FD5-4956-8A9A-CFEB597638D7",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-405a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C5DF82-A91D-4966-A841-5B5235316ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-408a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E6E8C1-ABB6-4FA1-87BC-338131D9C8FA",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-408a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "316407E3-51E2-4622-99CE-B683B91741D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-510a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C2BF052-733D-4B18-8D4F-A8E9E27D5980",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-510a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "819581F2-3AF9-4F2A-A9D2-1BDE853C73B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password."
    },
    {
      "lang": "es",
      "value": "Moxa IKS-G6824A series versi\u00f3n 4.5 y anteriores, EDS-405A series versi\u00f3n 3.8 y anteriores, EDS-408A series versi\u00f3n 3.8 y anteriores, y EDS-510A series versi\u00f3n 3.8 y anteriores transmiten informaci\u00f3n sensible en texto plano, lo que podr\u00eda permitir a un atacante capturar informaci\u00f3n sensible como, por ejemplo, las contrase\u00f1as de administraci\u00f3n."
    }
  ],
  "id": "CVE-2019-6526",
  "lastModified": "2024-11-21T04:46:37.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-15T12:31:42.447",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-05 20:29
Modified
2024-11-21 04:46
Summary
Moxa IKS and EDS fail to properly check array bounds, which may allow an attacker to read device memory at arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause a device reboot.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:iks-g6824a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0315E6E6-AD90-4B57-8A2C-23A435CDD9A1",
              "versionEndIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:iks-g6824a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A845716-E0AF-4DF3-AFAD-2D19456ACAEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-405a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "24BC0C6E-9FD5-4956-8A9A-CFEB597638D7",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-405a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C5DF82-A91D-4966-A841-5B5235316ED4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-408a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E6E8C1-ABB6-4FA1-87BC-338131D9C8FA",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-408a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "316407E3-51E2-4622-99CE-B683B91741D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:eds-510a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C2BF052-733D-4B18-8D4F-A8E9E27D5980",
              "versionEndIncluding": "3.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:eds-510a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "819581F2-3AF9-4F2A-A9D2-1BDE853C73B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot."
    },
    {
      "lang": "es",
      "value": "Moxa IKS y EDS no comprueban adecuadamente los l\u00edmites de array que podr\u00edan permitir que un atacante lea memoria del dispositivo en direcciones arbitrarias y podr\u00eda permitir que un atacante recupere datos sensibles o provoque el reinicio del dispositivo."
    }
  ],
  "id": "CVE-2019-6522",
  "lastModified": "2024-11-21T04:46:37.277",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 7.8,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-05T20:29:00.343",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-201903-0183
Vulnerability from variot

Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. Moxa IKS and EDS contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Moxa IKS and EDS are Moxa's lines of industrial switches. A buffer overflow vulnerability exists in the Moxa IKS and EDS families. An attacker could exploit this vulnerability for remote code execution. Moxa IKS and EDS are prone to the following security vulnerabilities (the list appears to cover every issue tracked under the shared BID 107178 entry, not only this buffer overflow): 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability. An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash the application resulting in a denial-of-service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. The Moxa IKS-G6824A series products are all made by Moxa Company in Taiwan, China. The IKS-G6824A series is a series of rack-mount Ethernet switches. The EDS-405A series is a series of Ethernet switches. The EDS-408A series is a series of Ethernet switches.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0183",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-408a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-510a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=4.5"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "iks-g6824a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iks g6824a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 405a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 408a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 510a",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06175"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002198"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6557"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002198"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-967"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6557",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6557",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-06175",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "d8b199a7-2e07-425c-bcc8-cf8073155286",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-157992",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6557",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6557",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6557",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6557",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06175",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-967",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "d8b199a7-2e07-425c-bcc8-cf8073155286",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157992",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6557",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06175"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157992"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-967"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6557"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. Moxa IKS and EDS Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. A buffer overflow vulnerability exists in the MoxaIKS and EDS families. An attacker could exploit this vulnerability for remote code execution. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7.  A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the  application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass  security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002198"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06175"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "IVD",
        "id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157992"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6557"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6557",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-057-01",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "107178",
        "trust": 2.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-967",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06175",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002198",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0597",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "D8B199A7-2E07-425C-BCC8-CF8073155286",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-157992",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6557",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06175"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157992"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6557"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-967"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6557"
      }
    ]
  },
  "id": "VAR-201903-0183",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06175"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157992"
      }
    ],
    "trust": 1.61445105
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06175"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:28.400000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.moxa.com/en/"
      },
      {
        "title": "Patch for MoxaIKS and EDS Buffer Overflow Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/155223"
      },
      {
        "title": "Multiple Moxa Product Buffer Error Vulnerability Fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=89680"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-967"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002198"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6557"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/107178"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6557"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6557"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76138"
      },
      {
        "trust": 0.3,
        "url": "http://www.moxastore.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06175"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157992"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6557"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-967"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6557"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06175"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157992"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6557"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002198"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-967"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6557"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-05T00:00:00",
        "db": "IVD",
        "id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06175"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157992"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6557"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002198"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-967"
      },
      {
        "date": "2019-03-05T20:29:00.437000",
        "db": "NVD",
        "id": "CVE-2019-6557"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06175"
      },
      {
        "date": "2022-11-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157992"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6557"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002198"
      },
      {
        "date": "2022-12-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-967"
      },
      {
        "date": "2024-11-21T04:46:41.423000",
        "db": "NVD",
        "id": "CVE-2019-6557"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-967"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and  EDS Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002198"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "d8b199a7-2e07-425c-bcc8-cf8073155286"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-967"
      }
    ],
    "trust": 0.8
  }
}

var-201903-0186
Vulnerability from variot

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device. Moxa IKS and EDS contain an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Moxa IKS and EDS are Moxa's lines of industrial switches. There are predictable cookie vulnerabilities in the Moxa IKS and EDS series. The vulnerability stems from the fact that the software generates a predictable cookie that is calculated with an MD5 hash. An attacker could exploit the vulnerability to capture an administrator password and take complete control of the device. Moxa IKS and EDS are prone to the following security vulnerabilities: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability. An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash the application resulting in a denial-of-service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. The Moxa IKS-G6824A series products are all made by Moxa Company in Taiwan, China. The IKS-G6824A series is a series of rack-mount Ethernet switches. The EDS-405A series is a series of Ethernet switches. The EDS-408A series is a series of Ethernet switches. The vulnerability is caused by the program generating easily predictable cookies.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0186",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-408a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-510a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=4.5"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "iks-g6824a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iks g6824a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 405a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 408a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 510a",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06058"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002342"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6563"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002342"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-943"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6563",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6563",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-06058",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "968d3d57-4f83-4a50-9bec-32450036e0e1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-157998",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6563",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6563",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6563",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6563",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06058",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-943",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "968d3d57-4f83-4a50-9bec-32450036e0e1",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157998",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6563",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06058"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157998"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6563"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator\u0027s password, which could lead to a full compromise of the device. Moxa IKS and EDS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. There are predictable cookie vulnerabilities in the MoxaIKS and EDS series. The vulnerability stems from the fact that the software generates a predictable cookie that uses the MD5 hash calculation. An attacker could exploit the vulnerability to capture an administrator password for complete control of the device. Moxa IKS and EDS are prone to following security vulnerabilities:\n1. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7.  A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the  application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass  security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. 
Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch. The vulnerability is caused by the program generating easily predictable cookies",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002342"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06058"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "IVD",
        "id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157998"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6563"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6563",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-057-01",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "107178",
        "trust": 2.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-943",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06058",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002342",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0597",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "968D3D57-4F83-4A50-9BEC-32450036E0E1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-157998",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6563",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06058"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157998"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6563"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6563"
      }
    ]
  },
  "id": "VAR-201903-0186",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06058"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157998"
      }
    ],
    "trust": 1.61445105
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06058"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:28.266000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.moxa.com/"
      },
      {
        "title": "MoxaIKS and EDS can predict patches for cookie vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/155117"
      },
      {
        "title": "Multiple Moxa Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89662"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06058"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-943"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-916",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-341",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157998"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002342"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6563"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/107178"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6563"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6563"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76138"
      },
      {
        "trust": 0.3,
        "url": "http://www.moxastore.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/916.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06058"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157998"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6563"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6563"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06058"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157998"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6563"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6563"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-04T00:00:00",
        "db": "IVD",
        "id": "968d3d57-4f83-4a50-9bec-32450036e0e1"
      },
      {
        "date": "2019-03-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06058"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157998"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6563"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002342"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-943"
      },
      {
        "date": "2019-03-05T20:29:00.547000",
        "db": "NVD",
        "id": "CVE-2019-6563"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06058"
      },
      {
        "date": "2020-10-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157998"
      },
      {
        "date": "2020-10-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6563"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002342"
      },
      {
        "date": "2020-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-943"
      },
      {
        "date": "2024-11-21T04:46:42.157000",
        "db": "NVD",
        "id": "CVE-2019-6563"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-943"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and  EDS Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002342"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-943"
      }
    ],
    "trust": 0.6
  }
}

var-201903-0184
Vulnerability from variot

Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. Moxa IKS and EDS contain a resource exhaustion vulnerability. Service operation may be interrupted (DoS). Moxa IKS and EDS are Moxa's lines of industrial switches. There are uncontrolled resource consumption vulnerabilities in the Moxa IKS and EDS series. The text that follows appears to be advisory-wide wording shared with the related entries for these products, so it describes more than the resource-exhaustion issue alone. Moxa IKS and EDS are prone to the following security vulnerabilities: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability. An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash the application resulting in a denial-of-service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0184",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-408a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-510a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=4.5"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "iks-g6824a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iks g6824a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 405a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 408a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 510a",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06059"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002199"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6559"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002199"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-942"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6559",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2019-6559",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-06059",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-157994",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-6559",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-6559",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6559",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6559",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06059",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-942",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157994",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6559",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157994"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002199"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-942"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6559"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. Moxa IKS and EDS Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. There are uncontrolled resource consumption vulnerabilities in the MoxaIKS and EDS series. Moxa IKS and EDS are prone to following security vulnerabilities:\n1. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7.  A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the  application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass  security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002199"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06059"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "IVD",
        "id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157994"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6559"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6559",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-057-01",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "107178",
        "trust": 2.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-942",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06059",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002199",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0597",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "9E2FEFA7-3C84-4516-9A5E-A95588AD4487",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-157994",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6559",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157994"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6559"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002199"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-942"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6559"
      }
    ]
  },
  "id": "VAR-201903-0184",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157994"
      }
    ],
    "trust": 1.61445105
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06059"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:28.175000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.moxa.com/en/"
      },
      {
        "title": "MoxaIKS and EDS patches for uncontrolled resource consumption vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/155115"
      },
      {
        "title": "Multiple Moxa Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89661"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002199"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-942"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157994"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002199"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6559"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/107178"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6559"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6559"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76138"
      },
      {
        "trust": 0.3,
        "url": "http://www.moxastore.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/400.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157994"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6559"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002199"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-942"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6559"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06059"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157994"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6559"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002199"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-942"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6559"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-04T00:00:00",
        "db": "IVD",
        "id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
      },
      {
        "date": "2019-03-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06059"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157994"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6559"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002199"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-942"
      },
      {
        "date": "2019-03-05T20:29:00.467000",
        "db": "NVD",
        "id": "CVE-2019-6559"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06059"
      },
      {
        "date": "2022-11-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157994"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6559"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002199"
      },
      {
        "date": "2019-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-942"
      },
      {
        "date": "2024-11-21T04:46:41.670000",
        "db": "NVD",
        "id": "CVE-2019-6559"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-942"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and  EDS Vulnerable to resource exhaustion",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002199"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource management error",
    "sources": [
      {
        "db": "IVD",
        "id": "9e2fefa7-3c84-4516-9a5e-a95588ad4487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-942"
      }
    ],
    "trust": 0.8
  }
}

var-201903-0185
Vulnerability from variot

A cross-site request forgery (CSRF) vulnerability has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. Moxa IKS and EDS are Moxa's lines of industrial switches. An attacker could exploit the vulnerability to perform unauthorized actions on the device. More broadly, Moxa IKS and EDS are prone to the following security vulnerabilities: 1. A cross-site-scripting vulnerability; 2. Multiple stack-based buffer-overflow vulnerabilities; 3. A security vulnerability; 4. An information disclosure vulnerability; 5. A cross-site request-forgery vulnerability; 6. Multiple denial-of-service vulnerabilities; 7. A security-bypass vulnerability; 8. An authentication bypass vulnerability. An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash the application, resulting in a denial-of-service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0185",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-408a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-510a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=4.5"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "iks-g6824a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iks g6824a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 405a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 408a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 510a",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ed923030-6378-4e47-850e-003a04af5c17"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06177"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002200"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6561"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002200"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-964"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6561",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-6561",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-06177",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "ed923030-6378-4e47-850e-003a04af5c17",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-157996",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-6561",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6561",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6561",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6561",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06177",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-964",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "ed923030-6378-4e47-850e-003a04af5c17",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157996",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6561",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ed923030-6378-4e47-850e-003a04af5c17"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157996"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002200"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-964"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6561"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. Moxa IKS and EDS are Moxa\u0027s line of industrial switches. An attacker could exploit the vulnerability to perform unauthorized actions on the device. Moxa IKS and EDS are prone to the following security vulnerabilities:\n1. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7. A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash the application, resulting in a denial-of-service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities.\nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002200"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06177"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "IVD",
        "id": "ed923030-6378-4e47-850e-003a04af5c17"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157996"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6561"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6561",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-057-01",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "107178",
        "trust": 2.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-964",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06177",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002200",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0597",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "ED923030-6378-4E47-850E-003A04AF5C17",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-157996",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6561",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ed923030-6378-4e47-850e-003a04af5c17"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157996"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6561"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002200"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-964"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6561"
      }
    ]
  },
  "id": "VAR-201903-0185",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ed923030-6378-4e47-850e-003a04af5c17"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157996"
      }
    ],
    "trust": 1.61445105
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ed923030-6378-4e47-850e-003a04af5c17"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06177"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:28.078000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.moxa.com/en/"
      },
      {
        "title": "Patch for MoxaIKS and EDS cross-site request forgery vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/155221"
      },
      {
        "title": "Multiple Moxa Repair measures for product cross-site request forgery vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89679"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002200"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-964"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157996"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002200"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6561"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/107178"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6561"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6561"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76138"
      },
      {
        "trust": 0.3,
        "url": "http://www.moxastore.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/352.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157996"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6561"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002200"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-964"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6561"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ed923030-6378-4e47-850e-003a04af5c17"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157996"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6561"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002200"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-964"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6561"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-05T00:00:00",
        "db": "IVD",
        "id": "ed923030-6378-4e47-850e-003a04af5c17"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06177"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157996"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6561"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002200"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-964"
      },
      {
        "date": "2019-03-05T20:29:00.513000",
        "db": "NVD",
        "id": "CVE-2019-6561"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06177"
      },
      {
        "date": "2022-11-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157996"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6561"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002200"
      },
      {
        "date": "2019-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-964"
      },
      {
        "date": "2024-11-21T04:46:41.923000",
        "db": "NVD",
        "id": "CVE-2019-6561"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-964"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and EDS Vulnerable to cross-site request forgery",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002200"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-964"
      }
    ],
    "trust": 0.6
  }
}

var-201903-0174
Vulnerability from variot

Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. Moxa IKS and EDS contain an information disclosure vulnerability. Information may be obtained. Moxa IKS and EDS are Moxa's line of industrial switches. There are plaintext password storage vulnerabilities in the Moxa IKS and EDS series. The vulnerability stems from the program storing passwords in clear text. An attacker could exploit this vulnerability to read sensitive information. Moxa IKS and EDS are prone to the following security vulnerabilities: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability. An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash the application, resulting in a denial-of-service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0174",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-408a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-510a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=4.5"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "iks-g6824a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iks g6824a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 405a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 408a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 510a",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06057"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002364"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6518"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002364"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-946"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6518",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6518",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-06057",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "40881acb-846b-4c5b-831c-2d62dd81f1df",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-157953",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6518",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6518",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6518",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6518",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06057",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-946",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "40881acb-846b-4c5b-831c-2d62dd81f1df",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157953",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6518",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06057"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157953"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6518"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-946"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6518"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. Moxa IKS and EDS Contains an information disclosure vulnerability.Information may be obtained. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. There are plaintext password storage vulnerabilities in MoxaIKS and EDS series. The vulnerability stems from the program storing passwords in clear text. An attacker could exploit this vulnerability to read sensitive information. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7.  A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the  application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass  security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6518"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002364"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06057"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "IVD",
        "id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157953"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6518"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6518",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-057-01",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "107178",
        "trust": 2.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-946",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06057",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002364",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0597",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "40881ACB-846B-4C5B-831C-2D62DD81F1DF",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-157953",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6518",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06057"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157953"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6518"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-946"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6518"
      }
    ]
  },
  "id": "VAR-201903-0174",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06057"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157953"
      }
    ],
    "trust": 1.61445105
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06057"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:28.444000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.moxa.com/en/"
      },
      {
        "title": "Patch for MoxaIKS and EDS plaintext password storage vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/155119"
      },
      {
        "title": "Multiple Moxa Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89664"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06057"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-946"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-311",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-256",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157953"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002364"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6518"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/107178"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6518"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6518"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76138"
      },
      {
        "trust": 0.3,
        "url": "http://www.moxastore.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/311.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06057"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157953"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6518"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-946"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6518"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06057"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157953"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6518"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-946"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6518"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-04T00:00:00",
        "db": "IVD",
        "id": "40881acb-846b-4c5b-831c-2d62dd81f1df"
      },
      {
        "date": "2019-03-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06057"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157953"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6518"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002364"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-946"
      },
      {
        "date": "2019-03-05T20:29:00.263000",
        "db": "NVD",
        "id": "CVE-2019-6518"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06057"
      },
      {
        "date": "2020-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157953"
      },
      {
        "date": "2020-10-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6518"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002364"
      },
      {
        "date": "2020-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-946"
      },
      {
        "date": "2024-11-21T04:46:36.780000",
        "db": "NVD",
        "id": "CVE-2019-6518"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-946"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and  EDS Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002364"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-946"
      }
    ],
    "trust": 0.6
  }
}

var-201903-0177
Vulnerability from variot

Moxa IKS and EDS fail to properly check array bounds, which may allow an attacker to read device memory at arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause a device reboot. Moxa IKS and EDS contain an out-of-bounds read vulnerability; information may be obtained and a denial-of-service (DoS) condition may result. Moxa IKS and EDS are Moxa's lines of industrial switches. There is an out-of-bounds read vulnerability in the Moxa IKS and EDS series. The vulnerability stems from a program failing to properly validate array bounds. Moxa IKS and EDS are prone to the following security vulnerabilities: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability. An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash the application resulting in a denial-of-service condition, bypass security restrictions, or execute arbitrary code. (These impacts describe the listed group of issues as a whole; the CVSS vectors recorded in this entry all give integrity impact as NONE.) This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. The IKS-G6824A series is a series of rack-mount Ethernet switches. The EDS-405A series is a series of Ethernet switches. The EDS-408A series is a series of Ethernet switches.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0177",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-408a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-510a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=4.5"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "iks-g6824a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iks g6824a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 405a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 408a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 510a",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ab3d4b23-d209-43d9-8414-74602516531f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06056"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002197"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6522"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002197"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-950"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6522",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6522",
            "impactScore": 7.8,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-06056",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "ab3d4b23-d209-43d9-8414-74602516531f",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-157957",
            "impactScore": 7.8,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6522",
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6522",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6522",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6522",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06056",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-950",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "ab3d4b23-d209-43d9-8414-74602516531f",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157957",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6522",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ab3d4b23-d209-43d9-8414-74602516531f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06056"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157957"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-950"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6522"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot. Moxa IKS and EDS Contains an out-of-bounds read vulnerability.Information obtained and denial of service (DoS) May be in a state. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. There is an out-of-bounds read vulnerability in the MoxaIKS and EDS series. The vulnerability stems from a program failing to properly validate array bounds. Moxa IKS and EDS are prone to following security vulnerabilities:\n1. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7.  A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the  application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass  security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6522"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002197"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06056"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "IVD",
        "id": "ab3d4b23-d209-43d9-8414-74602516531f"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157957"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6522"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6522",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-057-01",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "107178",
        "trust": 2.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-950",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06056",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002197",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0597",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "AB3D4B23-D209-43D9-8414-74602516531F",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-157957",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6522",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ab3d4b23-d209-43d9-8414-74602516531f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06056"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157957"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6522"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-950"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6522"
      }
    ]
  },
  "id": "VAR-201903-0177",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ab3d4b23-d209-43d9-8414-74602516531f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06056"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157957"
      }
    ],
    "trust": 1.61445105
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ab3d4b23-d209-43d9-8414-74602516531f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06056"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:28.356000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.moxa.com/en/"
      },
      {
        "title": "MoxaIKS and EDS out of bounds read vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/155121"
      },
      {
        "title": "Multiple Moxa Product Buffer Error Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89667"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06056"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-950"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002197"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6522"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/107178"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6522"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6522"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76138"
      },
      {
        "trust": 0.3,
        "url": "http://www.moxastore.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06056"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157957"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6522"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-950"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6522"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ab3d4b23-d209-43d9-8414-74602516531f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06056"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157957"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6522"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002197"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-950"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6522"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-04T00:00:00",
        "db": "IVD",
        "id": "ab3d4b23-d209-43d9-8414-74602516531f"
      },
      {
        "date": "2019-03-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06056"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157957"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6522"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002197"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-950"
      },
      {
        "date": "2019-03-05T20:29:00.343000",
        "db": "NVD",
        "id": "CVE-2019-6522"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06056"
      },
      {
        "date": "2022-11-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157957"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6522"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002197"
      },
      {
        "date": "2019-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-950"
      },
      {
        "date": "2024-11-21T04:46:37.277000",
        "db": "NVD",
        "id": "CVE-2019-6522"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-950"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and  EDS Vulnerable to out-of-bounds reading",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002197"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer error",
    "sources": [
      {
        "db": "IVD",
        "id": "ab3d4b23-d209-43d9-8414-74602516531f"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-950"
      }
    ],
    "trust": 0.8
  }
}

var-201903-0187
Vulnerability from variot

Moxa IKS and EDS fail to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script. Moxa IKS and EDS contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Moxa IKS and EDS are Moxa's line of industrial switches. A cross-site scripting vulnerability exists in the Moxa IKS and EDS series. The vulnerability stems from a failure to properly validate user input. An attacker could exploit this vulnerability for a cross-site scripting attack. 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability. An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash the application, resulting in a denial-of-service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0187",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-408a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-510a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=4.5"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "iks-g6824a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iks g6824a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 405a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 408a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 510a",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06178"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002201"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6565"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002201"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-961"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6565",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-6565",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-06178",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-158000",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-6565",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2019-6565",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6565",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6565",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06178",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-961",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158000",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6565",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06178"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158000"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002201"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-961"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6565"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script. Moxa IKS and EDS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. MoxaIKS and EDS are Moxa\u0027s line of industrial switches. A cross-site scripting vulnerability exists in the MoxaIKS and EDS series. The vulnerability stems from a failure to properly validate user input. An attacker could exploit this vulnerability for a cross-site scripting attack. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. Multiple denial-of-service vulnerabilities\n7.  A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the  application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass  security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06178"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "IVD",
        "id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158000"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6565"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6565",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-057-01",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "107178",
        "trust": 2.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-961",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06178",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002201",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0597",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "709E83C1-C0D8-464A-B6C8-07E965AE9B94",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-158000",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6565",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06178"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158000"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6565"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002201"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-961"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6565"
      }
    ]
  },
  "id": "VAR-201903-0187",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06178"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158000"
      }
    ],
    "trust": 1.61445105
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06178"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:28.310000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.moxa.com/en/"
      },
      {
        "title": "Patch for MoxaIKS and EDS Cross-Site Scripting Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/155215"
      },
      {
        "title": "Multiple Moxa Fixes for product cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89676"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002201"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-961"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158000"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002201"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6565"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/107178"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6565"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6565"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76138"
      },
      {
        "trust": 0.3,
        "url": "http://www.moxastore.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06178"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158000"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6565"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002201"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-961"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6565"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06178"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158000"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6565"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002201"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-961"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6565"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-05T00:00:00",
        "db": "IVD",
        "id": "709e83c1-c0d8-464a-b6c8-07e965ae9b94"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06178"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158000"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6565"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002201"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-961"
      },
      {
        "date": "2019-03-05T20:29:00.577000",
        "db": "NVD",
        "id": "CVE-2019-6565"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06178"
      },
      {
        "date": "2022-11-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158000"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6565"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002201"
      },
      {
        "date": "2019-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-961"
      },
      {
        "date": "2024-11-21T04:46:42.397000",
        "db": "NVD",
        "id": "CVE-2019-6565"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-961"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and  EDS Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002201"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-961"
      }
    ],
    "trust": 0.6
  }
}

var-201903-0178
Vulnerability from variot

Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via a brute-force attack. Moxa IKS and EDS contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Moxa IKS and EDS are Moxa's line of industrial switches. The Moxa IKS and EDS series do not properly restrict excessive authentication attempts. An attacker can exploit the vulnerability to discover passwords through brute-force attacks. Moxa IKS and EDS are prone to the following security vulnerabilities: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch. 
A security vulnerability exists in several Moxa products because the program does not adequately limit the number of authentication requests.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0178",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-408a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-510a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=4.5"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "iks-g6824a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iks g6824a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 405a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 408a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 510a",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1b1fb0ed-df65-4062-818e-9ac627102377"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06054"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002346"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6524"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002346"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-955"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6524",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6524",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-06054",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "1b1fb0ed-df65-4062-818e-9ac627102377",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-157959",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6524",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6524",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6524",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6524",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06054",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-955",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "1b1fb0ed-df65-4062-818e-9ac627102377",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157959",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6524",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1b1fb0ed-df65-4062-818e-9ac627102377"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06054"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157959"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-955"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6524"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via a brute-force attack. Moxa IKS and EDS contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Moxa IKS and EDS are Moxa\u0027s line of industrial switches. The Moxa IKS and EDS series do not properly restrict excessive authentication attempts. An attacker can exploit the vulnerability to discover passwords through brute-force attacks. Moxa IKS and EDS are prone to the following security vulnerabilities:\n1. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7.  A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the  application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass  security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. \nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. \nEDS-408A series is an EDS-408A series Ethernet switch. A security vulnerability exists in several Moxa products due to the program not adequately limiting the number of authentication requests",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002346"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06054"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "IVD",
        "id": "1b1fb0ed-df65-4062-818e-9ac627102377"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157959"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6524"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6524",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-057-01",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "107178",
        "trust": 2.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-955",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06054",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002346",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0597",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "1B1FB0ED-DF65-4062-818E-9AC627102377",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-157959",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6524",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1b1fb0ed-df65-4062-818e-9ac627102377"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06054"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157959"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6524"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-955"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6524"
      }
    ]
  },
  "id": "VAR-201903-0178",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1b1fb0ed-df65-4062-818e-9ac627102377"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06054"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157959"
      }
    ],
    "trust": 1.61445105
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1b1fb0ed-df65-4062-818e-9ac627102377"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06054"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:28.121000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.moxa.com/"
      },
      {
        "title": "Patch for Moxa IKS and EDS improper restriction of excessive authentication attempts",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/155125"
      },
      {
        "title": "Multiple Moxa Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89672"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06054"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-955"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-307",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002346"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6524"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/107178"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6524"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6524"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76138"
      },
      {
        "trust": 0.3,
        "url": "http://www.moxastore.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/307.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06054"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157959"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6524"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-955"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6524"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1b1fb0ed-df65-4062-818e-9ac627102377"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06054"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157959"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6524"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-955"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6524"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-04T00:00:00",
        "db": "IVD",
        "id": "1b1fb0ed-df65-4062-818e-9ac627102377"
      },
      {
        "date": "2019-03-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06054"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157959"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6524"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002346"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-955"
      },
      {
        "date": "2019-03-05T20:29:00.357000",
        "db": "NVD",
        "id": "CVE-2019-6524"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06054"
      },
      {
        "date": "2020-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157959"
      },
      {
        "date": "2020-10-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6524"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002346"
      },
      {
        "date": "2020-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-955"
      },
      {
        "date": "2024-11-21T04:46:37.530000",
        "db": "NVD",
        "id": "CVE-2019-6524"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-955"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and EDS Authentication vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002346"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-955"
      }
    ],
    "trust": 0.6
  }
}

var-201903-0176
Vulnerability from variot

Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. Moxa IKS and EDS contain an access control vulnerability. Information may be tampered with. Moxa IKS and EDS are Moxa's line of industrial switches. The vulnerability stems from the device failing to properly check permissions on the server side. An attacker could exploit this vulnerability to modify the configuration. The list and impact statement that follow appear to be carried over from the multi-issue advisory text among this entry's sources (BID 107178), so they describe the whole set of reported issues rather than this CVE alone: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability. An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. The following Moxa products and versions are affected: IKS-G6824A series versions 4.5 and prior, EDS-405A series versions 3.8 and prior, EDS-408A series versions 3.8 and prior, and EDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0176",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-408a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "eds-510a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a series",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=4.5"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "iks-g6824a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iks g6824a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 405a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 408a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 510a",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06179"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002347"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6520"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002347"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-958"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6520",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6520",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-06179",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "44ff4a4f-b858-48d2-8216-b32637775bf7",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-157955",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6520",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-6520",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6520",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6520",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06179",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-958",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "44ff4a4f-b858-48d2-8216-b32637775bf7",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157955",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6520",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157955"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-958"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6520"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. Moxa IKS and EDS contain an access control vulnerability. Information may be tampered with. Moxa IKS and EDS are Moxa\u0027s line of industrial switches. The vulnerability stems from the device failing to properly check permissions on the server side. An attacker could exploit this vulnerability to modify the configuration.\n1. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7. A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash of the application resulting in a denial of service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities.\nThe following Moxa products and versions are affected:\nIKS-G6824A series versions 4.5 and prior,\nEDS-405A series versions 3.8 and prior,\nEDS-408A series versions 3.8 and prior, and\nEDS-510A series versions 3.8 and prior. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. IKS-G6824A series is a series of rack-mount Ethernet switches. EDS-405A series is an EDS-405A series Ethernet switch. EDS-408A series is an EDS-408A series Ethernet switch",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002347"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06179"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "IVD",
        "id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157955"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6520"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6520",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-057-01",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "107178",
        "trust": 2.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-958",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06179",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002347",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0597",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "44FF4A4F-B858-48D2-8216-B32637775BF7",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-157955",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6520",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157955"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6520"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-958"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6520"
      }
    ]
  },
  "id": "VAR-201903-0176",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157955"
      }
    ],
    "trust": 1.61445105
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06179"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:28.487000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.moxa.com/"
      },
      {
        "title": "Patch for Moxa IKS and EDS improper access control vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/155207"
      },
      {
        "title": "Multiple Moxa Product access control error vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89674"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-958"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.1
      },
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157955"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002347"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6520"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/107178"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6520"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6520"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76138"
      },
      {
        "trust": 0.3,
        "url": "http://www.moxastore.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157955"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6520"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-958"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6520"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157955"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6520"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-958"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6520"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-05T00:00:00",
        "db": "IVD",
        "id": "44ff4a4f-b858-48d2-8216-b32637775bf7"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06179"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157955"
      },
      {
        "date": "2019-03-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6520"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002347"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-958"
      },
      {
        "date": "2019-03-05T20:29:00.297000",
        "db": "NVD",
        "id": "CVE-2019-6520"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06179"
      },
      {
        "date": "2020-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157955"
      },
      {
        "date": "2020-10-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6520"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-04-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002347"
      },
      {
        "date": "2020-10-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-958"
      },
      {
        "date": "2024-11-21T04:46:37.030000",
        "db": "NVD",
        "id": "CVE-2019-6520"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-958"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS and EDS access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002347"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-958"
      }
    ],
    "trust": 0.6
  }
}

var-201904-1553
Vulnerability from variot

Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password. Multiple Moxa products contain vulnerabilities related to certificate and password management and to encryption. Information may be obtained or altered, and service operation may be disrupted (DoS). Moxa IKS and EDS are Moxa's lines of industrial switches. The Moxa IKS and EDS series have a missing-encryption-of-sensitive-data vulnerability. The vulnerability stems from the fact that these devices transmit sensitive data in clear text. An attacker could exploit this vulnerability to capture sensitive data such as administrative passwords. Moxa IKS and EDS are prone to the following security vulnerabilities: 1. A cross-site-scripting vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. A security vulnerability 4. An information disclosure vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple denial-of-service vulnerabilities 7. A security-bypass vulnerability 8. An authentication bypass vulnerability An attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash the application, resulting in a denial-of-service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. (This description is aggregated from several sources; the numbered list appears to summarise every issue grouped under BID 107178, not only the plaintext-transmission issue tracked in this record as CVE-2019-6526.) Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. The IKS-G6824A series is a series of rack-mount Ethernet switches. The EDS-405A series is a series of Ethernet switches. The EDS-408A series is a series of Ethernet switches. Encryption issues exist in several Moxa products. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storage of sensitive information in plain text.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-1553",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a series",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a series",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-510a series",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "iks-g6824a series",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "iks-g6824a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=4.5"
      },
      {
        "model": "eds-405a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-408a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "eds-510a",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.8"
      },
      {
        "model": "iks-g6824a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "4.5"
      },
      {
        "model": "eds-510a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-408a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": "eds-405a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "moxa",
        "version": "3.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "iks g6824a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 405a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 408a",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "eds 510a",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06055"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003395"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6526"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:moxa:eds-405a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-408a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:eds-510a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:moxa:iks-g6824a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003395"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ivan B, Sergey Fedonin, and Vyacheslav Moskvin of Positive Technologies Security reported these vulnerabilities to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-953"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-6526",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6526",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2019-06055",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-157961",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6526",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6526",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6526",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6526",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-06055",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-953",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157961",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6526",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06055"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6526"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-953"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6526"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password. Multiple Moxa products contain vulnerabilities related to certificate and password management and to encryption. Information may be obtained or altered, and service operation may be disrupted (DoS). Moxa IKS and EDS are Moxa\u0027s lines of industrial switches. The Moxa IKS and EDS series have a missing-encryption-of-sensitive-data vulnerability. The vulnerability stems from the fact that these devices transmit sensitive data in clear text. An attacker could exploit this vulnerability to capture sensitive data such as administrative passwords. Moxa IKS and EDS are prone to the following security vulnerabilities:\n1. A cross-site-scripting vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A security vulnerability\n4. An information disclosure vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple denial-of-service vulnerabilities\n7. A security-bypass vulnerability\n8. An authentication bypass vulnerability\nAn attacker may leverage these issues to view arbitrary files within the context of the web server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, compromise the application, access or modify data, reboot or crash the application, resulting in a denial-of-service condition, bypass security restrictions, or execute arbitrary code. This may lead to other vulnerabilities. Moxa IKS-G6824A series are all products of Moxa Company in Taiwan, China. The IKS-G6824A series is a series of rack-mount Ethernet switches. The EDS-405A series is a series of Ethernet switches. The EDS-408A series is a series of Ethernet switches. Encryption issues exist in several Moxa products. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storage of sensitive information in plain text.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6526"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003395"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06055"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "IVD",
        "id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6526"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6526",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-057-01",
        "trust": 3.5
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-953",
        "trust": 0.9
      },
      {
        "db": "BID",
        "id": "107178",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06055",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003395",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0597",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "08B8F9FE-72AD-4D47-BF81-C57B81A839E4",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-157961",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6526",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06055"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6526"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-953"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6526"
      }
    ]
  },
  "id": "VAR-201904-1553",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06055"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157961"
      }
    ],
    "trust": 1.61445105
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06055"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:28.222000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.moxa.com/en/"
      },
      {
        "title": "Patch for the Moxa IKS and EDS missing encryption of sensitive data vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/155123"
      },
      {
        "title": "Multiple Moxa Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89670"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06055"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-953"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-319",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-311",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.9
      },
      {
        "problemtype": "CWE-310",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003395"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6526"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-057-01"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6526"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6526"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-057-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76138"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/107178"
      },
      {
        "trust": 0.3,
        "url": "http://www.moxastore.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/319.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-06055"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6526"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-953"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6526"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-06055"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157961"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6526"
      },
      {
        "db": "BID",
        "id": "107178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003395"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-953"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6526"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-04T00:00:00",
        "db": "IVD",
        "id": "08b8f9fe-72ad-4d47-bf81-c57b81a839e4"
      },
      {
        "date": "2019-03-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06055"
      },
      {
        "date": "2019-04-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157961"
      },
      {
        "date": "2019-04-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6526"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-05-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003395"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-953"
      },
      {
        "date": "2019-04-15T12:31:42.447000",
        "db": "NVD",
        "id": "CVE-2019-6526"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-06055"
      },
      {
        "date": "2021-11-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157961"
      },
      {
        "date": "2021-11-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6526"
      },
      {
        "date": "2019-02-26T00:00:00",
        "db": "BID",
        "id": "107178"
      },
      {
        "date": "2019-05-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003395"
      },
      {
        "date": "2021-11-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-953"
      },
      {
        "date": "2024-11-21T04:46:37.790000",
        "db": "NVD",
        "id": "CVE-2019-6526"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-953"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerabilities related to certificate and password management in multiple Moxa products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003395"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-953"
      }
    ],
    "trust": 0.6
  }
}

cve-2019-6522
Vulnerability from cvelistv5
Published
2019-03-05 21:00
Modified
2024-09-17 02:32
Severity ?
Summary
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.
References
Impacted products
Vendor Product Version
ICS-CERT Moxa IKS, EDS Version: IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.392Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
          },
          {
            "name": "107178",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107178"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa IKS, EDS",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
            }
          ]
        }
      ],
      "datePublic": "2019-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-bounds read CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-06T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
        },
        {
          "name": "107178",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107178"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2019-03-05T00:00:00",
          "ID": "CVE-2019-6522",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa IKS, EDS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds read CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
            },
            {
              "name": "107178",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107178"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-6522",
    "datePublished": "2019-03-05T21:00:00Z",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-09-17T02:32:19.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6520
Vulnerability from cvelistv5
Published
2019-03-05 21:00
Modified
2024-09-16 19:01
Severity ?
Summary
Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes.
References
Impacted products
Vendor Product Version
ICS-CERT Moxa IKS, EDS Version: IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.422Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
          },
          {
            "name": "107178",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107178"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa IKS, EDS",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
            }
          ]
        }
      ],
      "datePublic": "2019-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper access control CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-06T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
        },
        {
          "name": "107178",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107178"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2019-03-05T00:00:00",
          "ID": "CVE-2019-6520",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa IKS, EDS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper access control CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
            },
            {
              "name": "107178",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107178"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-6520",
    "datePublished": "2019-03-05T21:00:00Z",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-09-16T19:01:03.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6559
Vulnerability from cvelistv5
Published
2019-03-05 21:00
Modified
2024-09-16 21:04
Severity ?
Summary
Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash.
References
Impacted products
Vendor Product Version
ICS-CERT Moxa IKS, EDS Version: IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.920Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
          },
          {
            "name": "107178",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107178"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa IKS, EDS",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
            }
          ]
        }
      ],
      "datePublic": "2019-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Uncontrolled resource consumption CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-06T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
        },
        {
          "name": "107178",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107178"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2019-03-05T00:00:00",
          "ID": "CVE-2019-6559",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa IKS, EDS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Uncontrolled resource consumption CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
            },
            {
              "name": "107178",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107178"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-6559",
    "datePublished": "2019-03-05T21:00:00Z",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-09-16T21:04:33.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6526
Vulnerability from cvelistv5
Published
2019-04-12 20:11
Modified
2024-08-04 20:23
Severity ?
Summary
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password.
References
Impacted products
Vendor Product Version
Moxa IKS, EDS Version: IKS-G6824A series Versions 4.5 and prior
Version: EDS-405A series Version 3.8 and prior
Version: EDS-408A series Version 3.8 and prior
Version: and EDS-510A series Version 3.8 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.401Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IKS, EDS",
          "vendor": "Moxa",
          "versions": [
            {
              "status": "affected",
              "version": "IKS-G6824A series Versions 4.5 and prior"
            },
            {
              "status": "affected",
              "version": "EDS-405A series Version 3.8 and prior"
            },
            {
              "status": "affected",
              "version": "EDS-408A series Version 3.8 and prior"
            },
            {
              "status": "affected",
              "version": "and EDS-510A series Version 3.8 and prior"
            }
          ]
        }
      ],
      "datePublic": "2019-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-311",
              "description": "Missing encryption of sensitive data CWE-311",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-12T20:11:08",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-6526",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IKS, EDS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IKS-G6824A series Versions 4.5 and prior"
                          },
                          {
                            "version_value": "EDS-405A series Version 3.8 and prior"
                          },
                          {
                            "version_value": "EDS-408A series Version 3.8 and prior"
                          },
                          {
                            "version_value": "and EDS-510A series Version 3.8 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Moxa"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Missing encryption of sensitive data CWE-311"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-6526",
    "datePublished": "2019-04-12T20:11:08",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-08-04T20:23:21.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6518
Vulnerability from cvelistv5
Published
2019-03-05 21:00
Modified
2024-09-16 18:49
Severity ?
Summary
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.
References
Impacted products
Vendor Product Version
ICS-CERT Moxa IKS, EDS Version: IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
          },
          {
            "name": "107178",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107178"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa IKS, EDS",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
            }
          ]
        }
      ],
      "datePublic": "2019-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "Unprotected storage of credentials CWE-256",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-06T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
        },
        {
          "name": "107178",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107178"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2019-03-05T00:00:00",
          "ID": "CVE-2019-6518",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa IKS, EDS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unprotected storage of credentials CWE-256"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
            },
            {
              "name": "107178",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107178"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-6518",
    "datePublished": "2019-03-05T21:00:00Z",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-09-16T18:49:44.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6557
Vulnerability from cvelistv5
Published
2019-03-05 21:00
Modified
2024-09-16 18:24
Severity ?
Summary
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
References
Impacted products
Vendor Product Version
ICS-CERT Moxa IKS, EDS Version: IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
          },
          {
            "name": "107178",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107178"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa IKS, EDS",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
            }
          ]
        }
      ],
      "datePublic": "2019-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer overflow CWE-120",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-06T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
        },
        {
          "name": "107178",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107178"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2019-03-05T00:00:00",
          "ID": "CVE-2019-6557",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa IKS, EDS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow CWE-120"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
            },
            {
              "name": "107178",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107178"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-6557",
    "datePublished": "2019-03-05T21:00:00Z",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-09-16T18:24:17.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6565
Vulnerability from cvelistv5
Published
2019-03-05 21:00
Modified
2024-09-16 23:46
Severity ?
Summary
Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.
References
Impacted products
Vendor Product Version
ICS-CERT Moxa IKS, EDS Version: IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:22.218Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
          },
          {
            "name": "107178",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107178"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa IKS, EDS",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
            }
          ]
        }
      ],
      "datePublic": "2019-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site scripting CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-06T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
        },
        {
          "name": "107178",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107178"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2019-03-05T00:00:00",
          "ID": "CVE-2019-6565",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa IKS, EDS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
            },
            {
              "name": "107178",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107178"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-6565",
    "datePublished": "2019-03-05T21:00:00Z",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-09-16T23:46:45.123Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6524
Vulnerability from cvelistv5
Published
2019-03-05 21:00
Modified
2024-09-16 16:57
Severity ?
Summary
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.
References
Impacted products
Vendor Product Version
ICS-CERT Moxa IKS, EDS Version: IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
          },
          {
            "name": "107178",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107178"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa IKS, EDS",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
            }
          ]
        }
      ],
      "datePublic": "2019-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "Improper restriction of excessive authentication attempts CWE-307",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-06T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
        },
        {
          "name": "107178",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107178"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2019-03-05T00:00:00",
          "ID": "CVE-2019-6524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa IKS, EDS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper restriction of excessive authentication attempts CWE-307"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
            },
            {
              "name": "107178",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107178"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-6524",
    "datePublished": "2019-03-05T21:00:00Z",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-09-16T16:57:49.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6561
Vulnerability from cvelistv5
Published
2019-03-05 21:00
Modified
2024-09-16 17:27
Severity ?
Summary
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
References
Impacted products
Vendor Product Version
ICS-CERT Moxa IKS, EDS Version: IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.577Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
          },
          {
            "name": "107178",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107178"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa IKS, EDS",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
            }
          ]
        }
      ],
      "datePublic": "2019-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Cross-site request forgery CWE-352",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-06T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
        },
        {
          "name": "107178",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107178"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2019-03-05T00:00:00",
          "ID": "CVE-2019-6561",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa IKS, EDS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
            },
            {
              "name": "107178",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107178"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-6561",
    "datePublished": "2019-03-05T21:00:00Z",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-09-16T17:27:37.822Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6563
Vulnerability from cvelistv5
Published
2019-03-05 21:00
Modified
2024-09-16 18:44
Severity ?
Summary
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.
References
Impacted products
Vendor Product Version
ICS-CERT Moxa IKS, EDS Version: IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
          },
          {
            "name": "107178",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107178"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa IKS, EDS",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
            }
          ]
        }
      ],
      "datePublic": "2019-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator\u0027s password, which could lead to a full compromise of the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-341",
              "description": "Predictable from observable state CWE-341",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-06T10:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
        },
        {
          "name": "107178",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107178"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2019-03-05T00:00:00",
          "ID": "CVE-2019-6563",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa IKS, EDS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator\u0027s password, which could lead to a full compromise of the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Predictable from observable state CWE-341"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
            },
            {
              "name": "107178",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107178"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-6563",
    "datePublished": "2019-03-05T21:00:00Z",
    "dateReserved": "2019-01-22T00:00:00",
    "dateUpdated": "2024-09-16T18:44:20.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}