Cross-Site Scripting Vulnerability in Moxa IKS and EDS Products
CVE-2019-6565

6.1MEDIUM

Key Information:

Vendor: Ics-cert
Status: Moxa Iks, Eds
Vendor: CVE Published:; 5 March 2019

What is CVE-2019-6565?

The vulnerability in Moxa IKS and EDS products arises from improper validation of user input. This oversight can be exploited by both unauthenticated and authenticated attackers to execute XSS attacks, potentially allowing the injection of malicious scripts into web pages viewed by other users. The exploitation of this vulnerability can lead to unauthorized actions and exposure of sensitive information, making it critical for users to apply the necessary mitigations.

Affected Version(s)

Moxa IKS, EDS IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01

x_refsource_MISC

http://www.securityfocus.com/bid/107178

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2019
Vulnerability Reserved
Jan 22, 2019

CVE-2019-6565 Data

JSON

Ics-cert

What is CVE-2019-6565?

Affected Version(s)

References

CVSS V3.1

Timeline