Sensitive Data Exposure in NPort IA5000A Series by Moxa
CVE-2020-27150

7.5HIGH

Key Information:

Vendor: Moxa
Status: Nport Ia5000a Series
Vendor: CVE Published:; 14 May 2021

Summary

In certain versions of the NPort IA5000A Series, exporting a device's configuration file inadvertently reveals the passwords of all users and other sensitive information in their original format, particularly if the 'Pre-shared key' option is not configured. This exposure can significantly compromise system security by providing unauthorized access to user credentials and sensitive configurations.

Affected Version(s)

NPort IA5000A Series All versions

References

https://www.moxa.com/en/support/product-support/security-...

x_refsource_MISC

https://ics-cert.kaspersky.com/advisories/klcert-advisori...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2021
Vulnerability Reserved
Oct 14, 2020