PT-2020-3050 · Moxa · Moxa Nport 5150A

Maayan Fishelov

Published

2020-05-01

Updated

2022-04-26

CVE-2020-12117

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Moxa NPort 5150A versions 1.5 and earlier

Description The issue allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. This is related to the Moxa Service, which is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect. The vulnerability is associated with security mechanism shortcomings, potentially allowing a remote attacker to gain unauthorized access to protected information.

Recommendations For Moxa NPort 5150A versions 1.5 and earlier, consider disabling the Moxa Service to minimize the risk of exploitation, as it can be disabled without ill effect.

Fix

Information Disclosure

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-306

Related Identifiers

BDU:2020-03340

CVE-2020-12117

Affected Products

Moxa Nport 5150A

PT-2020-3050 · Moxa · Moxa Nport 5150A

CVE-2020-12117

Weakness Enumeration

Related Identifiers

Affected Products

References · 6