PT-2017-13030 · Moxa · Moxa Eds-G512E

Published

2017-11-23

Updated

2017-12-08

CVE-2017-13701

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MOXA EDS-G512E version 5.1 build 16072215

Description The issue concerns the insecure storage of sensitive information in the backup file of the affected device. Specifically, passwords are stored without being hashed with a salt, and they are not encrypted using a timestamped ciphering method.

Recommendations For MOXA EDS-G512E version 5.1 build 16072215, consider implementing a secure password hashing mechanism with a salt, and encrypt sensitive information in the backup file using a timestamped ciphering method. As a temporary workaround, restrict access to the backup file to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-13701

Affected Products

Moxa Eds-G512E

PT-2017-13030 · Moxa · Moxa Eds-G512E

CVE-2017-13701

Weakness Enumeration

Related Identifiers

Affected Products

References · 4