CVE-2020-27149

6.5MEDIUM

Key Information:

Vendor: Moxa
Status: Nport Ia5000a Series With Web Console Enabled
Vendor: CVE Published:; 14 May 2021

Summary

By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed.

Affected Version(s)

NPort IA5000A Series with web console enabled All versions before 1.5 for NPort IA5150A/IA5250A Series. All version before 2.0 for NPort 5450 Series

References

https://ics-cert.kaspersky.com/advisories/klcert-advisori...

x_refsource_MISC

https://www.moxa.com/en/support/product-support/security-...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2021
Vulnerability Reserved
Oct 14, 2020