PT-2015-3452 · Moxa · Moxa Eds-408A+1

Published: 2015-09-03 · Updated: 2015-09-14 · CVE-2015-6466

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Moxa EDS-405A and Moxa EDS-408A versions prior to 3.6

Description: The issue is related to insufficient protection of the web page structure in the Diagnosis Ping feature of the administrative web interface. This can be exploited by a remote attacker to execute arbitrary code. The vulnerability also allows for cross-site scripting (XSS) attacks, where an attacker can inject arbitrary web script or HTML.

Recommendations: For versions prior to 3.6, update the firmware to version 3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the Diagnosis Ping feature in the administrative web interface until a patch is available. Avoid using unspecified fields in the Diagnosis Ping feature that may be vulnerable to XSS attacks until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-05172
CVE-2015-6466

Affected Products

Moxa Eds-405A
Moxa Eds-408A