NPort IAW5000A-I/O
by Moxa
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32974 | Cri | 0.64 | 9.8 | 0.03 | Apr 1, 2022 | Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. | ||
| CVE-2020-25196 | Cri | 0.64 | 9.8 | 0.01 | Dec 23, 2020 | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. | ||
| CVE-2020-25153 | Cri | 0.64 | 9.8 | 0.01 | Dec 23, 2020 | The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. | ||
| CVE-2020-25198 | Hig | 0.57 | 8.8 | 0.01 | Dec 23, 2020 | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies. | ||
| CVE-2020-25194 | Hig | 0.57 | 8.8 | 0.01 | Dec 23, 2020 | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. | ||
| CVE-2020-25190 | Hig | 0.49 | 7.5 | 0.01 | Dec 23, 2020 | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. | ||
| CVE-2020-25192 | Med | 0.35 | 5.3 | 0.01 | Dec 23, 2020 | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. |
- risk 0.64cvss 9.8epss 0.03
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.
- risk 0.64cvss 9.8epss 0.01
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
- risk 0.64cvss 9.8epss 0.01
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.
- risk 0.57cvss 8.8epss 0.01
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies.
- risk 0.57cvss 8.8epss 0.01
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.
- risk 0.49cvss 7.5epss 0.01
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.
- risk 0.35cvss 5.3epss 0.01
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization.