Cleartext Password Storage Vulnerability in Moxa OnCell Devices
CVE-2016-5812

3.3LOW

Key Information:

Vendor: Moxa
Status: Oncell G3001 Firmware
Vendor: CVE Published:; 24 August 2016

What is CVE-2016-5812?

The Moxa OnCell G3100V2 and associated models exhibit a vulnerability due to the storage of passwords in cleartext format. This design flaw can potentially allow local users to access sensitive information stored in configuration files. As a result, unauthorized access to device configurations may occur, leading to security risks and data exposure. Users are advised to update to the latest firmware versions to mitigate this risk.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01

x_refsource_MISC

http://www.securityfocus.com/bid/92605

vdb-entryx_refsource_BID

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 24, 2016
Vulnerability Reserved
Jun 23, 2016