Vulnerabilites related to Moxa - NPort IAW5000A-I/O Series
var-202012-0501
Vulnerability from variot
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192.
The firmware of MOXA NPort IAW5000A-I/O Series 2.1 and earlier has a vulnerability in the plaintext transmission of sensitive information. Attackers can use this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0501",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nport iaw5000a-i\\/o",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "nport",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "version 2.1"
},
{
"model": "nport iaw5000a-i/o series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56121"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "NVD",
"id": "CVE-2020-25190"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:nport_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
}
]
},
"cve": "CVE-2020-25190",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-25190",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-56121",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-25190",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-25190",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 1.6,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-25190",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-25190",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-56121",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-593",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56121"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-593"
},
{
"db": "NVD",
"id": "CVE-2020-25190"
},
{
"db": "NVD",
"id": "CVE-2020-25190"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192. \n\r\n\r\nThe firmware of MOXA NPort IAW5000A-I/O Series 2.1 and earlier has a vulnerability in the plaintext transmission of sensitive information. Attackers can use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25190"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNVD",
"id": "CNVD-2020-56121"
},
{
"db": "VULMON",
"id": "CVE-2020-25190"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25190",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-287-01",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU92374129",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-56121",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3530",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-593",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25190",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56121"
},
{
"db": "VULMON",
"id": "CVE-2020-25190"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-593"
},
{
"db": "NVD",
"id": "CVE-2020-25190"
}
]
},
"id": "VAR-202012-0501",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56121"
}
],
"trust": 1.5375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56121"
}
]
},
"last_update_date": "2024-11-23T22:16:11.749000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/nport-iaw5000a-io-serial-device-servers-vulnerabilities"
},
{
"title": "Patch for MOXA NPort IAW5000A-I/O Series sensitive information clear text transmission vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/236290"
},
{
"title": "Moxa NPort IAW5000A-I/O Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130456"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56121"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-593"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-307",
"trust": 0.8
},
{
"problemtype": "CWE-200",
"trust": 0.8
},
{
"problemtype": "CWE-521",
"trust": 0.8
},
{
"problemtype": "CWE-269",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "NVD",
"id": "CVE-2020-25190"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25196"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25198"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25153"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25190"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25192"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25194"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92374129/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25190"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3530/"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189768"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56121"
},
{
"db": "VULMON",
"id": "CVE-2020-25190"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-593"
},
{
"db": "NVD",
"id": "CVE-2020-25190"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-56121"
},
{
"db": "VULMON",
"id": "CVE-2020-25190"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-593"
},
{
"db": "NVD",
"id": "CVE-2020-25190"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56121"
},
{
"date": "2020-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25190"
},
{
"date": "2020-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"date": "2020-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-593"
},
{
"date": "2020-12-23T15:15:15.517000",
"db": "NVD",
"id": "CVE-2020-25190"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56121"
},
{
"date": "2020-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25190"
},
{
"date": "2020-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"date": "2020-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-593"
},
{
"date": "2024-11-21T05:17:36.083000",
"db": "NVD",
"id": "CVE-2020-25190"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-593"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa Made NPort IAW5000A-I/O Multiple vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-593"
}
],
"trust": 0.6
}
}
var-202012-0523
Vulnerability from variot
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192.
MOXA NPort IAW5000A-I/O Series 2.1 and earlier firmware has weak password requirement vulnerability. No detailed vulnerability details are currently provided. A remote attacker could exploit this vulnerability to launch further attacks on the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0523",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nport iaw5000a-i\\/o",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "nport",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "version 2.1"
},
{
"model": "nport iaw5000a-i/o series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56122"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "NVD",
"id": "CVE-2020-25153"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:nport_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
}
]
},
"cve": "CVE-2020-25153",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-25153",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-56122",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-25153",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-25153",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 1.6,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-25153",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-25153",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-56122",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-596",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56122"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-596"
},
{
"db": "NVD",
"id": "CVE-2020-25153"
},
{
"db": "NVD",
"id": "CVE-2020-25153"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192. \n\r\n\r\nMOXA NPort IAW5000A-I/O Series 2.1 and earlier firmware has weak password requirement vulnerability. No detailed vulnerability details are currently provided. A remote attacker could exploit this vulnerability to launch further attacks on the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25153"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNVD",
"id": "CNVD-2020-56122"
},
{
"db": "VULMON",
"id": "CVE-2020-25153"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25153",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-287-01",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU92374129",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-56122",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3530",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-596",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25153",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56122"
},
{
"db": "VULMON",
"id": "CVE-2020-25153"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-596"
},
{
"db": "NVD",
"id": "CVE-2020-25153"
}
]
},
"id": "VAR-202012-0523",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56122"
}
],
"trust": 1.5375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56122"
}
]
},
"last_update_date": "2024-11-23T22:16:11.779000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/nport-iaw5000a-io-serial-device-servers-vulnerabilities"
},
{
"title": "Patch for MOXA NPort IAW5000A-I/O Series weak password requirement vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/236299"
},
{
"title": "Moxa NPort IAW5000A-I/O Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130457"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56122"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-596"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-307",
"trust": 0.8
},
{
"problemtype": "CWE-319",
"trust": 0.8
},
{
"problemtype": "CWE-200",
"trust": 0.8
},
{
"problemtype": "CWE-269",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "NVD",
"id": "CVE-2020-25153"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25196"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25198"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25153"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25190"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25192"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25194"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92374129/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25153"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3530/"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189767"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56122"
},
{
"db": "VULMON",
"id": "CVE-2020-25153"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-596"
},
{
"db": "NVD",
"id": "CVE-2020-25153"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-56122"
},
{
"db": "VULMON",
"id": "CVE-2020-25153"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-596"
},
{
"db": "NVD",
"id": "CVE-2020-25153"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56122"
},
{
"date": "2020-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25153"
},
{
"date": "2020-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"date": "2020-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-596"
},
{
"date": "2020-12-23T15:15:15.417000",
"db": "NVD",
"id": "CVE-2020-25153"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56122"
},
{
"date": "2020-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25153"
},
{
"date": "2020-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"date": "2020-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-596"
},
{
"date": "2024-11-21T05:17:29.147000",
"db": "NVD",
"id": "CVE-2020-25153"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-596"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa Made NPort IAW5000A-I/O Multiple vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-596"
}
],
"trust": 0.6
}
}
var-202308-2932
Vulnerability from variot
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. Moxa Inc. of NPort IAW5000A-I/O A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA NPort IAW5000A-I/O Series is a wireless device server used in an industrial environment by China MOXA Company. The server can realize the integration of on-site serial devices and wireless Ethernet, and integrates digital IO, which is suitable for industrial data acquisition applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2932",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nport iaw5000a-i\\/o",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.2"
},
{
"model": "nport iaw5000a-i/o",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "nport iaw5000a-i/o",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "nport iaw5000a-i/o",
"scope": "lte",
"trust": 0.8,
"vendor": "moxa",
"version": "nport iaw5000a-i/o firmware 2.2 and earlier"
},
{
"model": "nport iaw5000a-i/o series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64101"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022519"
},
{
"db": "NVD",
"id": "CVE-2023-4204"
}
]
},
"cve": "CVE-2023-4204",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-64101",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-4204",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@moxa.com",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2023-4204",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-4204",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-4204",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "psirt@moxa.com",
"id": "CVE-2023-4204",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-4204",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2023-64101",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64101"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022519"
},
{
"db": "NVD",
"id": "CVE-2023-4204"
},
{
"db": "NVD",
"id": "CVE-2023-4204"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. Moxa Inc. of NPort IAW5000A-I/O A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA NPort IAW5000A-I/O Series is a wireless device server used in an industrial environment by China MOXA Company. The server can realize the integration of on-site serial devices and wireless Ethernet, and integrates digital IO, which is suitable for industrial data acquisition applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-4204"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022519"
},
{
"db": "CNVD",
"id": "CNVD-2023-64101"
},
{
"db": "VULMON",
"id": "CVE-2023-4204"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-4204",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022519",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-64101",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-4204",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64101"
},
{
"db": "VULMON",
"id": "CVE-2023-4204"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022519"
},
{
"db": "NVD",
"id": "CVE-2023-4204"
}
]
},
"id": "VAR-202308-2932",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64101"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64101"
}
]
},
"last_update_date": "2024-08-14T14:17:00.740000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for MOXA NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/452576"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022519"
},
{
"db": "NVD",
"id": "CVE-2023-4204"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230304-nport-iaw5000a-i-o-series-hardcoded-credential-vulnerability"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64101"
},
{
"db": "VULMON",
"id": "CVE-2023-4204"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022519"
},
{
"db": "NVD",
"id": "CVE-2023-4204"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-64101"
},
{
"db": "VULMON",
"id": "CVE-2023-4204"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022519"
},
{
"db": "NVD",
"id": "CVE-2023-4204"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64101"
},
{
"date": "2023-08-16T00:00:00",
"db": "VULMON",
"id": "CVE-2023-4204"
},
{
"date": "2024-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-022519"
},
{
"date": "2023-08-16T16:15:11.573000",
"db": "NVD",
"id": "CVE-2023-4204"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64101"
},
{
"date": "2023-08-16T00:00:00",
"db": "VULMON",
"id": "CVE-2023-4204"
},
{
"date": "2024-01-23T06:35:00",
"db": "JVNDB",
"id": "JVNDB-2023-022519"
},
{
"date": "2023-08-24T15:50:59.857000",
"db": "NVD",
"id": "CVE-2023-4204"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa\u00a0Inc.\u00a0 of \u00a0NPort\u00a0IAW5000A-I/O\u00a0 Vulnerability related to use of hardcoded credentials in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022519"
}
],
"trust": 0.8
}
}
var-202012-0504
Vulnerability from variot
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192. An attacker with user rights can use this vulnerability to execute requests with administrative rights
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0504",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nport iaw5000a-i\\/o",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "nport",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "version 2.1"
},
{
"model": "nport iaw5000a-i/o series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56123"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "NVD",
"id": "CVE-2020-25194"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:nport_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
}
]
},
"cve": "CVE-2020-25194",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2020-25194",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-56123",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-25194",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 1.6,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-25194",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-25194",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-56123",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-600",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56123"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-600"
},
{
"db": "NVD",
"id": "CVE-2020-25194"
},
{
"db": "NVD",
"id": "CVE-2020-25194"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192. An attacker with user rights can use this vulnerability to execute requests with administrative rights",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25194"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNVD",
"id": "CNVD-2020-56123"
},
{
"db": "VULMON",
"id": "CVE-2020-25194"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25194",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-287-01",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU92374129",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-56123",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3530",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-600",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25194",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56123"
},
{
"db": "VULMON",
"id": "CVE-2020-25194"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-600"
},
{
"db": "NVD",
"id": "CVE-2020-25194"
}
]
},
"id": "VAR-202012-0504",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56123"
}
],
"trust": 1.5375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56123"
}
]
},
"last_update_date": "2024-11-23T22:16:11.719000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/nport-iaw5000a-io-serial-device-servers-vulnerabilities"
},
{
"title": "Patch for MOXA NPort IAW5000A-I/O Series Authority Management Improper Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/236302"
},
{
"title": "Moxa NPort IAW5000A-I/O Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130458"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56123"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-600"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-307",
"trust": 0.8
},
{
"problemtype": "CWE-319",
"trust": 0.8
},
{
"problemtype": "CWE-200",
"trust": 0.8
},
{
"problemtype": "CWE-521",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "NVD",
"id": "CVE-2020-25194"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25196"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25198"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25153"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25190"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25192"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25194"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92374129/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25194"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3530/"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189766"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56123"
},
{
"db": "VULMON",
"id": "CVE-2020-25194"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-600"
},
{
"db": "NVD",
"id": "CVE-2020-25194"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-56123"
},
{
"db": "VULMON",
"id": "CVE-2020-25194"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-600"
},
{
"db": "NVD",
"id": "CVE-2020-25194"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56123"
},
{
"date": "2020-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25194"
},
{
"date": "2020-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"date": "2020-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-600"
},
{
"date": "2020-12-23T15:15:15.730000",
"db": "NVD",
"id": "CVE-2020-25194"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56123"
},
{
"date": "2020-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25194"
},
{
"date": "2020-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"date": "2020-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-600"
},
{
"date": "2024-11-21T05:17:36.780000",
"db": "NVD",
"id": "CVE-2020-25194"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-600"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa Made NPort IAW5000A-I/O Multiple vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-600"
}
],
"trust": 0.6
}
}
var-202012-0507
Vulnerability from variot
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192.
The MOXA NPort IAW5000A-I/O Series 2.1 and earlier firmware has a session fixation vulnerability. Attackers can use this vulnerability to access and hijack sessions by stealing cookies from users. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to gain access to another user's session
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0507",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nport iaw5000a-i\\/o",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "nport",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "version 2.1"
},
{
"model": "nport iaw5000a-i/o series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56124"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "NVD",
"id": "CVE-2020-25198"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:nport_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
}
]
},
"cve": "CVE-2020-25198",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-25198",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-56124",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-25198",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 1.6,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-25198",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-25198",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-56124",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-607",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56124"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-607"
},
{
"db": "NVD",
"id": "CVE-2020-25198"
},
{
"db": "NVD",
"id": "CVE-2020-25198"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user\u2019s cookies. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192. \n\r\n\r\nThe MOXA NPort IAW5000A-I/O Series 2.1 and earlier firmware has a session fixation vulnerability. Attackers can use this vulnerability to access and hijack sessions by stealing cookies from users. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to gain access to another user\u0027s session",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25198"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNVD",
"id": "CNVD-2020-56124"
},
{
"db": "VULMON",
"id": "CVE-2020-25198"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25198",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-287-01",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU92374129",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-56124",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3530",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-607",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25198",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56124"
},
{
"db": "VULMON",
"id": "CVE-2020-25198"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-607"
},
{
"db": "NVD",
"id": "CVE-2020-25198"
}
]
},
"id": "VAR-202012-0507",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56124"
}
],
"trust": 1.5375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56124"
}
]
},
"last_update_date": "2024-11-23T22:16:11.688000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/nport-iaw5000a-io-serial-device-servers-vulnerabilities"
},
{
"title": "Patch for Fixed bug in MOXA NPort IAW5000A-I/O Series session",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/236305"
},
{
"title": "Moxa NPort IAW5000A-I/O Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130462"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56124"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-607"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-384",
"trust": 1.8
},
{
"problemtype": "CWE-307",
"trust": 0.8
},
{
"problemtype": "CWE-319",
"trust": 0.8
},
{
"problemtype": "CWE-200",
"trust": 0.8
},
{
"problemtype": "CWE-521",
"trust": 0.8
},
{
"problemtype": "CWE-269",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "NVD",
"id": "CVE-2020-25198"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25196"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25198"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25153"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25190"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25192"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25194"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92374129/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25198"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3530/"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189759"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56124"
},
{
"db": "VULMON",
"id": "CVE-2020-25198"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-607"
},
{
"db": "NVD",
"id": "CVE-2020-25198"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-56124"
},
{
"db": "VULMON",
"id": "CVE-2020-25198"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-607"
},
{
"db": "NVD",
"id": "CVE-2020-25198"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56124"
},
{
"date": "2020-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25198"
},
{
"date": "2020-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"date": "2020-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-607"
},
{
"date": "2020-12-23T15:15:15.933000",
"db": "NVD",
"id": "CVE-2020-25198"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56124"
},
{
"date": "2020-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25198"
},
{
"date": "2020-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"date": "2021-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-607"
},
{
"date": "2024-11-21T05:17:37.477000",
"db": "NVD",
"id": "CVE-2020-25198"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-607"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa Made NPort IAW5000A-I/O Multiple vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-607"
}
],
"trust": 0.6
}
}
var-202012-0503
Vulnerability from variot
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192.
The MOXA NPort IAW5000A-I/O Series 2.1 and earlier firmware has an information disclosure vulnerability. Attackers can use this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0503",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nport iaw5000a-i\\/o",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "nport",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "version 2.1"
},
{
"model": "nport iaw5000a-i/o series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56119"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "NVD",
"id": "CVE-2020-25192"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:nport_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
}
]
},
"cve": "CVE-2020-25192",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-25192",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-56119",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2020-25192",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 1.6,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-25192",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-25192",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-56119",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-584",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56119"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-584"
},
{
"db": "NVD",
"id": "CVE-2020-25192"
},
{
"db": "NVD",
"id": "CVE-2020-25192"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192. \n\r\n\r\nThe MOXA NPort IAW5000A-I/O Series 2.1 and earlier firmware has an information disclosure vulnerability. Attackers can use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25192"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNVD",
"id": "CNVD-2020-56119"
},
{
"db": "VULMON",
"id": "CVE-2020-25192"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25192",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-287-01",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU92374129",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-56119",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3530",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-584",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25192",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56119"
},
{
"db": "VULMON",
"id": "CVE-2020-25192"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-584"
},
{
"db": "NVD",
"id": "CVE-2020-25192"
}
]
},
"id": "VAR-202012-0503",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56119"
}
],
"trust": 1.5375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56119"
}
]
},
"last_update_date": "2024-11-23T22:16:11.810000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/nport-iaw5000a-io-serial-device-servers-vulnerabilities"
},
{
"title": "Patch for MOXA NPort IAW5000A-I/O Series information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/236287"
},
{
"title": "Moxa NPort IAW5000A-I/O Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130454"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56119"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-584"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-307",
"trust": 0.8
},
{
"problemtype": "CWE-319",
"trust": 0.8
},
{
"problemtype": "CWE-521",
"trust": 0.8
},
{
"problemtype": "CWE-269",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "NVD",
"id": "CVE-2020-25192"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25196"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25198"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25153"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25190"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25192"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25194"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92374129/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25192"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3530/"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189770"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56119"
},
{
"db": "VULMON",
"id": "CVE-2020-25192"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-584"
},
{
"db": "NVD",
"id": "CVE-2020-25192"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-56119"
},
{
"db": "VULMON",
"id": "CVE-2020-25192"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-584"
},
{
"db": "NVD",
"id": "CVE-2020-25192"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56119"
},
{
"date": "2020-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25192"
},
{
"date": "2020-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"date": "2020-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-584"
},
{
"date": "2020-12-23T15:15:15.620000",
"db": "NVD",
"id": "CVE-2020-25192"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56119"
},
{
"date": "2020-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25192"
},
{
"date": "2020-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"date": "2020-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-584"
},
{
"date": "2024-11-21T05:17:36.400000",
"db": "NVD",
"id": "CVE-2020-25192"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-584"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa Made NPort IAW5000A-I/O Multiple vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-584"
}
],
"trust": 0.6
}
}
var-202012-0506
Vulnerability from variot
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192. The vulnerability stems from the built-in Web server allowing SSH/Telnet sessions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0506",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nport iaw5000a-i\\/o",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "nport",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "version 2.1"
},
{
"model": "nport iaw5000a-i/o series",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56120"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "NVD",
"id": "CVE-2020-25196"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:nport_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
}
]
},
"cve": "CVE-2020-25196",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-25196",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-56120",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-25196",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-009054",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 2.4,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 1.6,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-25196",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2020-25196",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-009054",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-56120",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-588",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56120"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-588"
},
{
"db": "NVD",
"id": "CVE-2020-25196"
},
{
"db": "NVD",
"id": "CVE-2020-25196"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192. The vulnerability stems from the built-in Web server allowing SSH/Telnet sessions",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25196"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNVD",
"id": "CNVD-2020-56120"
},
{
"db": "VULMON",
"id": "CVE-2020-25196"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25196",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-287-01",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU92374129",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-56120",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3530",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-588",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25196",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56120"
},
{
"db": "VULMON",
"id": "CVE-2020-25196"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-588"
},
{
"db": "NVD",
"id": "CVE-2020-25196"
}
]
},
"id": "VAR-202012-0506",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56120"
}
],
"trust": 1.5375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56120"
}
]
},
"last_update_date": "2024-11-23T22:16:11.839000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/nport-iaw5000a-io-serial-device-servers-vulnerabilities"
},
{
"title": "Patch for MOXA NPort IAW5000A-I/O Series over-certification improper restriction vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/236296"
},
{
"title": "Moxa NPort IAW5000A-I/O Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130455"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56120"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-588"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.8
},
{
"problemtype": "CWE-384",
"trust": 0.8
},
{
"problemtype": "CWE-319",
"trust": 0.8
},
{
"problemtype": "CWE-200",
"trust": 0.8
},
{
"problemtype": "CWE-521",
"trust": 0.8
},
{
"problemtype": "CWE-269",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "NVD",
"id": "CVE-2020-25196"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25196"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25198"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25153"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25190"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25192"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25194"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92374129/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25196"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3530/"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189769"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56120"
},
{
"db": "VULMON",
"id": "CVE-2020-25196"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-588"
},
{
"db": "NVD",
"id": "CVE-2020-25196"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-56120"
},
{
"db": "VULMON",
"id": "CVE-2020-25196"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-588"
},
{
"db": "NVD",
"id": "CVE-2020-25196"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56120"
},
{
"date": "2020-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25196"
},
{
"date": "2020-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"date": "2020-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-588"
},
{
"date": "2020-12-23T15:15:15.807000",
"db": "NVD",
"id": "CVE-2020-25196"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56120"
},
{
"date": "2020-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25196"
},
{
"date": "2020-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009054"
},
{
"date": "2020-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-588"
},
{
"date": "2024-11-21T05:17:37.120000",
"db": "NVD",
"id": "CVE-2020-25196"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-588"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa Made NPort IAW5000A-I/O Multiple vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009054"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-588"
}
],
"trust": 0.6
}
}
CVE-2023-4929 (GCVE-0-2023-4929)
Vulnerability from cvelistv5
Published
2023-10-03 13:54
Modified
2024-09-23 13:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Summary
All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Moxa | NPort 5000AI-M12 Series |
Version: 1.0 < |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:52.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-233328-nport-5000-series-firmware-improper-validation-of-integrity-check-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moxa:nport_5100ai_m12:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5100ai_m12",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_5100:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5100",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:nport_5100a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5100a",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:moxa:nport_5200_series_firmware:2.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5200_series_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:moxa:nport_5200a_series_firmware:1.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5200a_series_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5600_series_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_5600_dt:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5600_dt",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_ia_5000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_ia_5000",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_ia_5000a:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_ia_5000a",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_ia_5000a_io:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_ia_5000a_io",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_iaw_5000a_io:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_iaw_5000a_io",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.2",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_p5150a:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_p5150a",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T13:08:12.493856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T13:29:04.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NPort 5000AI-M12 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5100 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5100A Series ",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5200 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5200A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5400 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5600 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5600-DT Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort IA5000 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort IA5000A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort IA5000A-I/O Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort IAW5000A-I/O Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.2",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort P5150A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAll firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.\u003c/p\u003e"
}
],
"value": "All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-145",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-145 Checksum Spoofing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-03T13:54:49.293Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-233328-nport-5000-series-firmware-improper-validation-of-integrity-check-vulnerability"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to design restrictions, we could not fix this vulnerability in NPort 5000 Series. We suggest users follow the instructions in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/getmedia/67b5e549-a125-4a6a-b99b-23017c75cfc1/moxa-the-security-hardening-guide-for-the-nport-5000-series-tech-note-v1.1.pdf\"\u003e\u003cu\u003ehardening guide\u003c/u\u003e\u003c/a\u003e in order to mitigate this vulnerability. Additionally, refer to the following mitigation measures to deploy the product in an appropriate product security context. \u003c/p\u003e\u003cp\u003eMoxa recommends users follow these CISA recommendations. Users should \u003c/p\u003e\u003col\u003e\u003cli\u003eReduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.\u003c/li\u003e\u003cli\u003ePlace control system networks and remote devices behind firewalls, isolating them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.\u003c/li\u003e\u003c/ol\u003e"
}
],
"value": "Due to design restrictions, we could not fix this vulnerability in NPort 5000 Series. We suggest users follow the instructions in the hardening guide https://www.moxa.com/getmedia/67b5e549-a125-4a6a-b99b-23017c75cfc1/moxa-the-security-hardening-guide-for-the-nport-5000-series-tech-note-v1.1.pdf in order to mitigate this vulnerability. Additionally, refer to the following mitigation measures to deploy the product in an appropriate product security context. \n\nMoxa recommends users follow these CISA recommendations. Users should \n\n * Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.\n * Place control system networks and remote devices behind firewalls, isolating them from business networks.\n * When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-4929",
"datePublished": "2023-10-03T13:54:49.293Z",
"dateReserved": "2023-09-13T01:12:13.466Z",
"dateUpdated": "2024-09-23T13:29:04.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4204 (GCVE-0-2023-4204)
Vulnerability from cvelistv5
Published
2023-08-16 15:12
Modified
2024-10-01 18:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Moxa | NPort IAW5000A-I/O Series |
Version: 1.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230304-nport-iaw5000a-i-o-series-hardcoded-credential-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T18:14:03.845014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T18:25:33.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NPort IAW5000A-I/O Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.2",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.\u003c/p\u003e"
}
],
"value": "NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Strings Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-16T15:12:01.169Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230304-nport-iaw5000a-i-o-series-hardcoded-credential-vulnerability"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: \u003cbr\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003eNPort IAW5000A-I/O Series:\u0026nbsp;Please contact Moxa Technical Support for the security patch.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: \n\n * NPort IAW5000A-I/O Series:\u00a0Please contact Moxa Technical Support for the security patch.\n\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-4204",
"datePublished": "2023-08-16T15:12:01.169Z",
"dateReserved": "2023-08-07T11:03:04.564Z",
"dateUpdated": "2024-10-01T18:25:33.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}