CVE-2019-6526
https://notcve.org/view.php?id=CVE-2019-6526
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password. • https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 • CWE-311: Missing Encryption of Sensitive Data; CWE-319: Cleartext Transmission of Sensitive Information
CVE-2019-6565
https://notcve.org/view.php?id=CVE-2019-6565
Moxa IKS and EDS fail to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script. • http://www.securityfocus.com/bid/107178 https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-6563
https://notcve.org/view.php?id=CVE-2019-6563
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device. • http://www.securityfocus.com/bid/107178 https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 • CWE-341: Predictable from Observable State; CWE-916: Use of Password Hash With Insufficient Computational Effort
CVE-2019-6561
https://notcve.org/view.php?id=CVE-2019-6561
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. • http://www.securityfocus.com/bid/107178 https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-6559
https://notcve.org/view.php?id=CVE-2019-6559
Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. • http://www.securityfocus.com/bid/107178 https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 • CWE-400: Uncontrolled Resource Consumption