CVE-2020-27185
Summary
| CVE | CVE-2020-27185 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-14 13:15:00 UTC |
| Updated | 2023-11-07 03:20:00 UTC |
| Description | Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service. |
Risk And Classification
Problem Types: CWE-319
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Moxa | Nport Ia5150a | - | All | All | All |
| Operating System | Moxa | Nport Ia5150a Firmware | All | All | All | All |
| Hardware | Moxa | Nport Ia5250a | - | All | All | All |
| Operating System | Moxa | Nport Ia5250a Firmware | All | All | All | All |
| Hardware | Moxa | Nport Ia5450a | - | All | All | All |
| Operating System | Moxa | Nport Ia5450a Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| KLCERT-20-021: Moxa NPort IA5000A Series. Cleartext Transmission of Sensitive Information via Moxa Service | Kaspersky ICS CERT | ics-cert.kaspersky.com | ||
| KLCERT-20-021: Moxa NPort IA5000A Series. Cleartext Transmission of Sensitive Information via Moxa Service | Kaspersky ICS CERT | MISC | ics-cert.kaspersky.com | |
| NPort IA5000A Series Serial Device Servers Vulnerabilities | MISC | www.moxa.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.