7.5
CVE-2020-27185
- EPSS 0.2%
- Veröffentlicht 14.05.2021 13:15:07
- Zuletzt bearbeitet 21.11.2024 05:20:50
- Quelle vulnerability@kaspersky.com
- CVE-Watchlists
- Unerledigt
LoginCleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Moxa ≫ Nport Ia5150a Firmware Version <= 1.4
Moxa ≫ Nport Ia5250a Firmware Version <= 1.4
Moxa ≫ Nport Ia5450a Firmware Version <= 1.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.424 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.