CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2019-6557
https://notcve.org/view.php?id=CVE-2019-6557
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. Se han identificado varias vulnerabilidades de desbordamiento de búfer en Moxa IKS y EDS, lo que podría permitir la ejecución remota de código. • http://www.securityfocus.com/bid/107178 https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6524
https://notcve.org/view.php?id=CVE-2019-6524
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. Moxa IKS y EDS no implementan medidas suficientes para evitar múltiples intentos fallidos de autenticación, lo que podría permitir que un atacante descubra contraseñas mediante un ataque de fuerza bruta. • http://www.securityfocus.com/bid/107178 https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6522
https://notcve.org/view.php?id=CVE-2019-6522
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot. Moxa IKS y EDS no comprueban adecuadamente los límites de array que podrían permitir que un atacante lea memoria del dispositivo en direcciones arbitrarias y podría permitir que un atacante recupere datos sensibles o provoque el reinicio del dispositivo. • http://www.securityfocus.com/bid/107178 https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6520
https://notcve.org/view.php?id=CVE-2019-6520
Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. Moxa IKS y EDS no comprueban adecuadamente la autoridad del lado del servidor, lo que resulta en que un usuario de solo lectura sea capaz de realizar cambios arbitrarios en la configuración. • http://www.securityfocus.com/bid/107178 https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6518
https://notcve.org/view.php?id=CVE-2019-6518
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. Moxa IKS y EDS almacenan contraseñas en texto plano, lo que podría permitir que alguien con acceso al dispositivo lea información sensible. • http://www.securityfocus.com/bid/107178 https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 • CWE-256: Plaintext Storage of a Password CWE-311: Missing Encryption of Sensitive Data •