Lucene search

MoxaCVELIST:CVE-2023-4204

HistoryAug 16, 2023 - 3:12 p.m.

CVE-2023-4204 NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability

2023-08-1615:12:01

CWE-798

Moxa

www.cve.org

nport iaw5000a-i/o

hardcoded credential

vulnerability

firmware manipulation

security risk

integrity

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NPort IAW5000A-I/O Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "2.2",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-230304-nport-iaw5000a-i-o-series-hardcoded-credential-vulnerability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVELIST:CVE-2023-4204