← Back

CVE-2021-32968

nvd nist
Published: Apr 1, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition.

Affected (4)

Moxa
4 products
Nport Iaw5150a 6i/o Firmware
Nport Iaw5150a 12i/o Firmware
Nport Iaw5250a 6i/o Firmware
Nport Iaw5250a 12i/o Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nport Iaw5150a 6i/o Firmware
Up to 2.2
Running on/withPlatform Versions
Moxa
Nport Iaw5150a 6i/o
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nport Iaw5150a 12i/o Firmware
Up to 2.2
Running on/withPlatform Versions
Moxa
Nport Iaw5150a 12i/o
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nport Iaw5250a 6i/o Firmware
Up to 2.2
Running on/withPlatform Versions
Moxa
Nport Iaw5250a 6i/o
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nport Iaw5250a 12i/o Firmware
Up to 2.2
Running on/withPlatform Versions
Moxa
Nport Iaw5250a 12i/o
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

Source: ics-cert@hq.dhs.gov
MitigationThird Party AdvisoryUS Government Resource
Source: ics-cert@hq.dhs.gov
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.