CVE-2019-18238
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.
Affected (20)
Products: Moxa: Iologik 2512 Firmware, Iologik 2512 T Firmware, Iologik 2512 Hspa Firmware, Iologik 2512 Hspa T Firmware, Iologik 2512 Wl1 Eu Firmware, Iologik 2512 Wl1 Eu T Firmware, Iologik 2512 Wl1 Us Firmware, Iologik 2512 Wl1 Us T Firmware, Iologik 2512 Wl1 Jp Firmware, Iologik 2512 Wl1 Jp T Firmware, Iologik 2542 Firmware, Iologik 2542 T Firmware, Iologik 2542 Hspa Firmware, Iologik 2542 Hspa T Firmware, Iologik 2542 Wl1 Eu Firmware, Iologik 2542 Wl1 Eu T Firmware, Iologik 2542 Wl1 Us Firmware, Iologik 2542 Wl1 Us T Firmware, Iologik 2542 Wl1 Jp Firmware, Iologik 2542 Wl1 Jp T Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2512 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2512 T | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2512 Hspa | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2512 Hspa T | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2512 Wl1 Eu | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2512 Wl1 Eu T | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2512 Wl1 Us | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2512 Wl1 Us T | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2512 Wl1 Jp | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2512 Wl1 Jp T | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2542 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2542 T | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2542 Hspa | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2542 Hspa T | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2542 Wl1 Eu | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2542 Wl1 Eu T | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2542 Wl1 Us | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2542 Wl1 Us T | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2542 Wl1 Jp | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Iologik 2542 Wl1 Jp T | All versions |
References (2)
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Timeline
No history available yet.