Cleartext Transmission Vulnerability in Moxa NPort IA5000A Series Devices
CVE-2020-27185

7.5HIGH

Key Information:

Vendor

Moxa
Status
Nport Ia5000a Series With Moxa Service Enabled
Vendor
CVE Published:
14 May 2021

What is CVE-2020-27185?

The Moxa NPort IA5000A series devices exhibit a vulnerability that allows for the cleartext transmission of sensitive information through the Moxa Service. This includes potentially exposing authentication data and device configurations to unauthorized access. An attack successfully exploiting this vulnerability could lead to severe risks concerning data confidentiality, enabling malicious actors to intercept vital information during transmission.

Affected Version(s)

NPort IA5000A Series with Moxa Service enabled All versions

References

https://www.moxa.com/en/support/product-support/security-...
x_refsource_MISC
https://ics-cert.kaspersky.com/advisories/klcert-advisori...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.