CVE-2019-9097

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service.

Se detectó un problema en los dispositivos Moxa MGate MB3170 y MB3270 versiones anteriores a la versión 4.1, en los dispositivos MB3280 y MB3480 versiones anteriores a la versión 3.1, en los dispositivos MB3660 versiones anteriores a la versión 2.3 y en los dispositivos MB3180 versiones anteriores a la versión 2.1. Una alta tasa de tráfico en tránsito puede causar una condición de baja memoria y una denegación de servicio.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-02-24 CVE Reserved
2020-03-11 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (2)

URL	Tag	Source
https://www.us-cert.gov/ics/advisories/icsa-20-056-01	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities	2020-03-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Moxa Search vendor "Moxa"	Mb3170 Firmware Search vendor "Moxa" for product "Mb3170 Firmware"	<= 4.0 Search vendor "Moxa" for product "Mb3170 Firmware" and version " <= 4.0"	-	Affected	in	Moxa Search vendor "Moxa"	Mb3170 Search vendor "Moxa" for product "Mb3170"	-	-	Safe
Moxa Search vendor "Moxa"	Mb3270 Firmware Search vendor "Moxa" for product "Mb3270 Firmware"	<= 4.0 Search vendor "Moxa" for product "Mb3270 Firmware" and version " <= 4.0"	-	Affected	in	Moxa Search vendor "Moxa"	Mb3270 Search vendor "Moxa" for product "Mb3270"	-	-	Safe
Moxa Search vendor "Moxa"	Mb3180 Firmware Search vendor "Moxa" for product "Mb3180 Firmware"	<= 2.0 Search vendor "Moxa" for product "Mb3180 Firmware" and version " <= 2.0"	-	Affected	in	Moxa Search vendor "Moxa"	Mb3180 Search vendor "Moxa" for product "Mb3180"	-	-	Safe
Moxa Search vendor "Moxa"	Mb3280 Firmware Search vendor "Moxa" for product "Mb3280 Firmware"	<= 3.0 Search vendor "Moxa" for product "Mb3280 Firmware" and version " <= 3.0"	-	Affected	in	Moxa Search vendor "Moxa"	Mb3280 Search vendor "Moxa" for product "Mb3280"	-	-	Safe
Moxa Search vendor "Moxa"	Mb3480 Firmware Search vendor "Moxa" for product "Mb3480 Firmware"	<= 3.0 Search vendor "Moxa" for product "Mb3480 Firmware" and version " <= 3.0"	-	Affected	in	Moxa Search vendor "Moxa"	Mb3480 Search vendor "Moxa" for product "Mb3480"	-	-	Safe
Moxa Search vendor "Moxa"	Mb3660 Firmware Search vendor "Moxa" for product "Mb3660 Firmware"	<= 2.2 Search vendor "Moxa" for product "Mb3660 Firmware" and version " <= 2.2"	-	Affected	in	Moxa Search vendor "Moxa"	Mb3660 Search vendor "Moxa" for product "Mb3660"	-	-	Safe