{"api_version":"1","generated_at":"2026-04-24T08:09:31+00:00","cve":"CVE-2020-27185","urls":{"html":"https://cve.report/CVE-2020-27185","api":"https://cve.report/api/cve/CVE-2020-27185.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-27185","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-27185"},"summary":{"title":"CVE-2020-27185","description":"Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.","state":"PUBLIC","assigner":"vulnerability@kaspersky.com","published_at":"2021-05-14 13:15:00","updated_at":"2023-11-07 03:20:00"},"problem_types":["CWE-319"],"metrics":[],"references":[{"url":"https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-021%2C","name":"https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-021%2C","refsource":"","tags":[],"title":"KLCERT-20-021: Moxa NPort IA5000A Series. Cleartext Transmission of Sensitive Information via Moxa Service | Kaspersky ICS CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-021,","name":"https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-021,","refsource":"MISC","tags":[],"title":"KLCERT-20-021: Moxa NPort IA5000A Series. Cleartext Transmission of Sensitive Information via Moxa Service | Kaspersky ICS CERT","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities","name":"https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities","refsource":"MISC","tags":[],"title":"NPort IA5000A Series Serial Device Servers Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-27185","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27185","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"27185","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"moxa","cpe5":"nport_ia5150a","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27185","vulnerable":"1","versionEndIncluding":"1.4","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"moxa","cpe5":"nport_ia5150a_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27185","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"moxa","cpe5":"nport_ia5250a","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27185","vulnerable":"1","versionEndIncluding":"1.4","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"moxa","cpe5":"nport_ia5250a_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27185","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"moxa","cpe5":"nport_ia5450a","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"27185","vulnerable":"1","versionEndIncluding":"1.7","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"moxa","cpe5":"nport_ia5450a_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-27185","ASSIGNER":"vulnerability@kaspersky.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"NPort IA5000A Series with Moxa Service enabled","version":{"version_data":[{"version_value":"All versions"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Cleartext Transmission of Sensitive Information"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities","url":"https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities"},{"refsource":"MISC","name":"https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-021,","url":"https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-021,"}]},"description":{"description_data":[{"lang":"eng","value":"Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service."}]}},"nvd":{"publishedDate":"2021-05-14 13:15:00","lastModifiedDate":"2023-11-07 03:20:00","problem_types":["CWE-319"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:moxa:nport_ia5150a_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:moxa:nport_ia5150a:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:moxa:nport_ia5250a_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:moxa:nport_ia5250a:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:moxa:nport_ia5450a_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.7","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:moxa:nport_ia5450a:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"27185","Ordinal":"188619","Title":"CVE-2020-27185","CVE":"CVE-2020-27185","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"27185","Ordinal":"1","NoteData":"Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"27185","Ordinal":"2","NoteData":"2021-05-14","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"27185","Ordinal":"3","NoteData":"2021-05-14","Type":"Other","Title":"Modified"}]}}}