Cleartext Transmission Vulnerability in Moxa SDS-3008 Series Industrial Ethernet Switch
CVE-2022-40693

5.9MEDIUM

Key Information:

Vendor
Moxa
Status
Sds-3008 Series Industrial Ethernet Switch
Vendor
CVE Published:
7 February 2023

Summary

A vulnerability exists in the web application functionality of the Moxa SDS-3008 Series Industrial Ethernet Switch, allowing for cleartext transmission of sensitive information. Attackers can exploit this vulnerability through specialized network sniffing techniques, which could result in unauthorized access to private data as it travels across the network. It is crucial for users to review security practices and ensure that sensitive information is adequately protected against potential exposure.

Affected Version(s)

SDS-3008 Series Industrial Ethernet Switch 2.1

References

https://talosintelligence.com/vulnerability_reports/TALOS...
https://www.moxa.com/en/support/product-support/security-...

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.