CVE-2019-6526

Name of the Vulnerable Software and Affected Versions Moxa EDS versions 3.8 and prior Moxa IKS-G6824A series versions 4.5 and prior

Description The issue is related to the lack of encryption for protected data in the firmware of Moxa EDS and IKS switches. This may allow a remote attacker to gain unauthorized access to protected information. The vulnerability involves the plaintext transmission of sensitive data, which could include administrative passwords.

Recommendations For Moxa EDS versions 3.8 and prior, update to a version that includes encryption for sensitive data transmission. For Moxa IKS-G6824A series versions 4.5 and prior, update to a version that includes encryption for sensitive data transmission. As a temporary workaround, consider restricting access to the switches to minimize the risk of exploitation.