CVE-2019-6526

Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password.

CVSS v3 9.8 CRITICAL
CVSS v2.0 5.0 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01	US Government Resource Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:moxa:iks-g6824a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:iks-g6824a:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:moxa:eds-405a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:eds-405a:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:moxa:eds-408a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:eds-408a:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:moxa:eds-510a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:eds-510a:-:*:*:*:*:*:*:*

History

03 Nov 2021, 18:59

Type	Values Removed	Values Added
References	~~(MISC) https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 - Third Party Advisory, US Government Resource~~	(MISC) https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 - US Government Resource, Third Party Advisory
CWE	CWE-310 CWE-255	CWE-319

Information

Published : 2019-04-15 12:31

Updated : 2023-12-10 12:59

NVD link : CVE-2019-6526

Mitre link : CVE-2019-6526

CVE.ORG link : CVE-2019-6526

JSON object : View

Products Affected

moxa

eds-510a_firmware
iks-g6824a_firmware
iks-g6824a
eds-510a
eds-405a
eds-405a_firmware
eds-408a_firmware
eds-408a

CWE

CWE-319

Cleartext Transmission of Sensitive Information

CWE-311

Missing Encryption of Sensitive Data

{"id": "CVE-2019-6526", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-04-15T12:31:42.447", "references": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01", "tags": ["US Government Resource", "Third Party Advisory"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password."}, {"lang": "es", "value": "Moxa IKS-G6824A series versi\u00f3n 4.5 y anteriores, EDS-405A series versi\u00f3n 3.8 y anteriores, EDS-408A series versi\u00f3n 3.8 y anteriores, y EDS-510A series versi\u00f3n 3.8 y anteriores transmiten informaci\u00f3n sensible en texto plano, lo que podr\u00eda permitir a un atacante capturar informaci\u00f3n sensible como, por ejemplo, las contrase\u00f1as de administraci\u00f3n."}], "lastModified": "2021-11-03T18:59:37.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iks-g6824a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0315E6E6-AD90-4B57-8A2C-23A435CDD9A1", "versionEndIncluding": "4.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iks-g6824a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4A845716-E0AF-4DF3-AFAD-2D19456ACAEE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:eds-405a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24BC0C6E-9FD5-4956-8A9A-CFEB597638D7", "versionEndIncluding": "3.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:eds-405a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "66C5DF82-A91D-4966-A841-5B5235316ED4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:eds-408a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79E6E8C1-ABB6-4FA1-87BC-338131D9C8FA", "versionEndIncluding": "3.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:eds-408a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "316407E3-51E2-4622-99CE-B683B91741D3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:eds-510a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C2BF052-733D-4B18-8D4F-A8E9E27D5980", "versionEndIncluding": "3.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:eds-510a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "819581F2-3AF9-4F2A-A9D2-1BDE853C73B9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}