PT-2019-4430 · Moxa · Eds-G508E+2
Matan Dobrushin
+1
·
Published
2019-11-20
·
Updated
2019-12-17
·
CVE-2019-19707
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Moxa EDS-G508E versions through 6.0
Moxa EDS-G512E versions through 6.0
Moxa EDS-G516E versions through 6.0
Description
The issue is related to an uncontrolled resource consumption in the firmware of Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices. This can lead to a denial of service. The denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
Recommendations
For Moxa EDS-G508E versions through 6.0, consider restricting access to the PROFINET DCE-RPC endpoint to minimize the risk of exploitation.
For Moxa EDS-G512E versions through 6.0, consider restricting access to the PROFINET DCE-RPC endpoint to minimize the risk of exploitation.
For Moxa EDS-G516E versions through 6.0, consider restricting access to the PROFINET DCE-RPC endpoint to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eds-G508E
Eds-G512E
Eds-G516E