7.1
CVE-2024-6785
- EPSS 0.11%
- Veröffentlicht 21.09.2024 05:15:11
- Zuletzt bearbeitet 27.09.2024 18:59:25
- Quelle psirt@moxa.com
- CVE-Watchlists
- Unerledigt
LoginMXview One and MXview One Central Manager Series store cleartext credentials in a local file
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Moxa ≫ Mxview One Version < 1.4.1
Moxa ≫ Mxview One Central Manager Version1.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.017 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| psirt@moxa.com | 6.8 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| psirt@moxa.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
CWE-313 Cleartext Storage in a File or on Disk
The product stores sensitive information in cleartext in a file, or on disk.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series