7.5

CVE-2019-6518

Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MoxaIks-g6824a Firmware Version <= 4.5
   MoxaIks-g6824a Version-
MoxaEds-405a Firmware Version <= 3.8
   MoxaEds-405a Version-
MoxaEds-408a Firmware Version <= 3.8
   MoxaEds-408a Version-
MoxaEds-510a Firmware Version <= 3.8
   MoxaEds-510a Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.295
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-256 Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

http://www.securityfocus.com/bid/107178
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
Third Party Advisory
US Government Resource