Configuration Change Vulnerability in NPort IA5150A/IA5250A Series by Moxa
CVE-2020-27149

6.5MEDIUM

Key Information:

Vendor: Moxa
Status: Nport Ia5000a Series With Web Console Enabled
Vendor: CVE Published:; 14 May 2021

What is CVE-2020-27149?

A security issue exists in Moxa's NPort IA5150A/IA5250A Series, allowing users with only 'Read Only' privileges to manipulate device configurations through the web console. This limitation in user role enforcement can lead to unauthorized changes to critical system settings, underscoring the need for reinforced access controls and prompt updates to maintain system integrity.

Affected Version(s)

NPort IA5000A Series with web console enabled All versions before 1.5 for NPort IA5150A/IA5250A Series. All version before 2.0 for NPort 5450 Series

References

https://ics-cert.kaspersky.com/advisories/klcert-advisori...

x_refsource_MISC

https://www.moxa.com/en/support/product-support/security-...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2021
Vulnerability Reserved
Oct 14, 2020