Design/Logic Flaw

2021-05-1412:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set.

CPENameOperatorVersion
nport_ia5150a_firmwarele1.4
nport_ia5250a_firmwarele1.4
nport_ia5450a_firmwarele1.7

Name	Operator	Version
nport_ia5150a_firmware	le	1.4
nport_ia5250a_firmware	le	1.4
nport_ia5450a_firmware	le	1.7

References

ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-019%2C

www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities