Lucene search

TalosCVELIST:CVE-2022-40224

HistoryFeb 07, 2023 - 4:52 p.m.

CVE-2022-40224

2023-02-0716:52:03

CWE-410

talos

www.cve.org

denial of service

moxa sds-3008

ethernet switch

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.005

Percentile

76.9%

JSON

A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "Moxa",
    "product": "SDS-3008 Series Industrial Ethernet Switch",
    "versions": [
      {
        "version": "2.1",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2022-1618

www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.005

Percentile

76.9%

JSON

Related for CVELIST:CVE-2022-40224