CVE-2019-10963

Name of the Vulnerable Software and Affected Versions Moxa EDR 810 versions 5.1 and prior

Description The issue allows an unauthenticated attacker to retrieve some log files from the device, potentially leading to sensitive information disclosure. This is possible because log files must have previously been exported by a legitimate user. The vulnerability is related to inadequate access control, which can be exploited by a remote attacker using a specially crafted request.

Recommendations For Moxa EDR 810 versions 5.1 and prior, consider restricting access to the log files to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the export of log files by legitimate users to only necessary instances. At the moment, there is no information about a newer version that contains a fix for this vulnerability.