PT-2017-3800 · Moxa · Moxa Iologik 2542-Hspa+1
Published: 2017-05-09 · Updated: 2020-03-26
CVE-2020-7003
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Moxa ioLogik 2542-HSPA versions 3.0 or lower
Moxa Ioxpress Configuration Utility versions 2.3.0 or lower
Description
The issue is related to the use of an insecure cryptographic algorithm for storing and transmitting passwords in the Moxa ioLogik 2542-HSPA and the Moxa Ioxpress Configuration Utility. This could allow a remote attacker to gain unauthorized access to protected information by using a specially crafted configuration file. Sensitive information is also transmitted in clear text over some web applications.
Recommendations
For Moxa ioLogik 2542-HSPA versions 3.0 or lower, consider updating to a version higher than 3.0 to resolve the issue.
For Moxa Ioxpress Configuration Utility versions 2.3.0 or lower, consider updating to a version higher than 2.3.0 to resolve the issue.
As a temporary workaround, restrict access to the configuration utility and web applications to minimize the risk of exploitation.
Fix
Cleartext Transmission of Sensitive Information
Use of a Broken Cryptographic Algorithm
Related Identifiers
Affected Products
Moxa Ioxpress Configuration Utility
Moxa Iologik 2542-Hspa