PT-2017-3774 · Moxa · Moxa Eds+1

Published 2017-11-13 · Updated 2021-11-03 · CVE-2019-6526

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Moxa EDS versions 3.8 and prior
Moxa IKS-G6824A series versions 4.5 and prior

Description

The issue is related to the lack of encryption for protected data in the firmware of Moxa EDS and IKS switches. This may allow a remote attacker to gain unauthorized access to protected information. The vulnerability involves the plaintext transmission of sensitive data, which could include administrative passwords.

Recommendations

For Moxa EDS versions 3.8 and prior, update to a version that includes encryption for sensitive data transmission. For Moxa IKS-G6824A series versions 4.5 and prior, update to a version that includes encryption for sensitive data transmission. As a temporary workaround, consider restricting access to the switches to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Missing Encryption of Sensitive Data

Weakness Enumeration

Related Identifiers

BDU:2019-01124
CVE-2019-6526

Affected Products

Moxa Eds
Moxa Iks-G6824A