CVE-2022-40691

Published: Feb 7, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.

Affected (2)

Products: Moxa: Sds 3008 Firmware, Sds 3008 T Firmware

2 products

Sds 3008 Firmware

Sds 3008 T Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Sds 3008 Firmware	Up to 2.1

Running on/with	Platform Versions
Moxa Sds 3008	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Sds 3008 T Firmware	Up to 2.1

Running on/with	Platform Versions
Moxa Sds 3008 T	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (5)

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1621

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities

Source: talos-cna@cisco.com

Vendor Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1621

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1621

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.