PT-2023-1306 · Moxa · Moxa Sds-3008 Series Industrial Ethernet Switch
Patrick Desantis
·
Published
2023-02-02
·
Updated
2023-02-16
·
CVE-2022-40693
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Moxa SDS-3008 Series Industrial Ethernet Switch version 2.1
Description
A cleartext transmission issue exists in the web application functionality, allowing an attacker to obtain sensitive information by sniffing network traffic. This can lead to unauthorized access to protected information.
Recommendations
For Moxa SDS-3008 Series Industrial Ethernet Switch version 2.1, consider implementing encryption for data transmission to prevent cleartext exposure. As a temporary workaround, restrict access to the network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moxa Sds-3008 Series Industrial Ethernet Switch