Sensitive Information Exposure Risk Due to Cleartext Credentials Storage
CVE-2024-6785

7.1HIGH

Key Information:

Vendor: Moxa
Status: Mxview One Series; Mxview One Central Manager Series
Vendor: CVE Published:; 21 September 2024

What is CVE-2024-6785?

A vulnerability in the Moxa MXView and MXView One Central Manager series allows for credential storage in cleartext within the configuration file. This may enable an attacker with local access rights to read or modify the configuration file. The implications of this vulnerability could lead to the exposure of sensitive information and potential misuse of the service, threatening the overall security posture of affected systems.

Affected Version(s)

MXview One Central Manager Series 0 < 1.0.0

MXview One Series 0 < 1.3.0

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

https://www.cisa.gov/news-events/ics-advisories/icsa-24-2...

third-party-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 21, 2024
Vulnerability Reserved
Jul 16, 2024

Credit

Noam Moshe of Claroty Research - Team82