Insufficient Credential Encryption in Moxa ioLogik E2200 Devices
CVE-2016-2282

5.3MEDIUM

Key Information:

Vendor: Moxa
Status: Ioadmin Firmware; Iologik Firmware
Vendor: CVE Published:; 4 March 2016

Summary

Moxa ioLogik E2200 devices prior to version 3.12 and ioAdmin Configuration Utility before version 3.18 are susceptible to a vulnerability where credentials are not properly encrypted. This deficiency can potentially allow remote attackers to access these credentials in cleartext through unspecified methods, posing a significant risk to system integrity and confidentiality. Users should apply the latest security updates to safeguard against such attacks.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-063-01

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 4, 2016
Vulnerability Reserved
Feb 9, 2016