Vulnerability CVE-2019-6522


Published: 2019-03-05   Modified: 2019-03-06

Description:
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.

Type:

CWE-125

(Out-of-bounds Read)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
8.5/10
7.8/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
Complete
Affected software
MOXA -> Eds-405a firmware 
MOXA -> Eds-408a firmware 
MOXA -> Eds-510a firmware 
MOXA -> Iks-g6824a firmware 

 References:
http://www.securityfocus.com/bid/107178
https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01

Copyright 2022, cxsecurity.com

 

Back to Top