← Back

CVE-2021-32970

nvd nist
Published: Apr 1, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions.

Affected (4)

Moxa
4 products
Nport Iaw5150a 6i/o Firmware
Nport Iaw5150a 12i/o Firmware
Nport Iaw5250a 6i/o Firmware
Nport Iaw5250a 12i/o Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nport Iaw5150a 6i/o Firmware
Up to 2.2
Running on/withPlatform Versions
Moxa
Nport Iaw5150a 6i/o
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nport Iaw5150a 12i/o Firmware
Up to 2.2
Running on/withPlatform Versions
Moxa
Nport Iaw5150a 12i/o
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nport Iaw5250a 6i/o Firmware
Up to 2.2
Running on/withPlatform Versions
Moxa
Nport Iaw5250a 6i/o
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nport Iaw5250a 12i/o Firmware
Up to 2.2
Running on/withPlatform Versions
Moxa
Nport Iaw5250a 12i/o
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

Source: ics-cert@hq.dhs.gov
MitigationThird Party AdvisoryUS Government Resource
Source: ics-cert@hq.dhs.gov
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.