Code injection

2021-05-1413:15:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

JSON

The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks.

CPENameOperatorVersion
nport_ia5150a_firmwarele1.4
nport_ia5250a_firmwarele1.4
nport_ia5450a_firmwarele1.7

Name	Operator	Version
nport_ia5150a_firmware	le	1.4
nport_ia5250a_firmware	le	1.4
nport_ia5450a_firmware	le	1.7

References

ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-020%2C

www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities