Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility Cleartext Transmission of Sensitive Information (CVE-2020-7003)

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot f...

The vulnerability of the microprogrammed software of Moxa ioLogik 2542-HSPA remote input/output modules and the Moxa Ioxpress Configuration Utility, which involves storing critical information in the form of plain text, allows a perpetrator to intercept administrator credentials and other confidential information, thereby gaining access to the control system.

The vulnerability of the microprogrammed input/output module Moxa ioLogik 2542-HSPA and the Moxa Ioxpress Configuration Utility is related to the default use of the HTTP protocol during the implementation of the “Basic HTTP Authentication” method. Exploiting this vulnerability allows a malicious...

The vulnerability of the microprogramming software for Moxa ioLogik 2542-HSPA remote input/output modules and the Moxa Ioxpress Configuration Utility, which is related to the use of a unstable cryptographic algorithm, allows a intruder to gain unauthorized access to protected data.

The vulnerability of the microprogrammed input/output module Moxa ioLogik 2542-HSPA and the Moxa Ioxpress Configuration Utility lies in the use of a unstable cryptographic algorithm for storing and transmitting passwords. Exploiting this vulnerability allows an attacker operating remotely to gain...