Authentication Bypass in Moxa OnCell Central Manager
CVE-2015-6480

8.3HIGH

Key Information:

Vendor: Moxa
Status: Oncell Central Manager
Vendor: CVE Published:; 21 December 2015

Summary

The MessageBrokerServlet in Moxa OnCell Central Manager versions prior to 2.2 lacks proper authentication controls. This vulnerability allows remote attackers to gain unauthorized administrative access by executing specific commands, such as adding users and groups. This flaw poses a significant security risk, enabling potential exploitation of sensitive system functions without authentication.

References

http://zerodayinitiative.com/advisories/ZDI-15-452/

x_refsource_MISC

https://ics-cert.us-cert.gov/advisories/ICSA-15-328-01

x_refsource_MISC

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 21, 2015
Vulnerability Reserved
Aug 17, 2015