CVE-2020-27185
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.
Una transmisión de texto sin cifrar de información confidencial por medio del servicio Moxa en los dispositivos seriales de la serie NPort IA5000A. Una explotación con éxito de la vulnerabilidad podría permitir a los atacantes leer datos de autenticación, la configuración del dispositivo y otros datos confidenciales transmitidos mediante el Servicio Moxa
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-10-16 CVE Reserved
- 2021-05-14 CVE Published
- 2024-01-28 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-021%2C | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Moxa Search vendor "Moxa" | Nport Ia5150a Firmware Search vendor "Moxa" for product "Nport Ia5150a Firmware" | <= 1.4 Search vendor "Moxa" for product "Nport Ia5150a Firmware" and version " <= 1.4" | - |
Affected
| in | Moxa Search vendor "Moxa" | Nport Ia5150a Search vendor "Moxa" for product "Nport Ia5150a" | - | - |
Safe
|
| Moxa Search vendor "Moxa" | Nport Ia5250a Firmware Search vendor "Moxa" for product "Nport Ia5250a Firmware" | <= 1.4 Search vendor "Moxa" for product "Nport Ia5250a Firmware" and version " <= 1.4" | - |
Affected
| in | Moxa Search vendor "Moxa" | Nport Ia5250a Search vendor "Moxa" for product "Nport Ia5250a" | - | - |
Safe
|
| Moxa Search vendor "Moxa" | Nport Ia5450a Firmware Search vendor "Moxa" for product "Nport Ia5450a Firmware" | <= 1.7 Search vendor "Moxa" for product "Nport Ia5450a Firmware" and version " <= 1.7" | - |
Affected
| in | Moxa Search vendor "Moxa" | Nport Ia5450a Search vendor "Moxa" for product "Nport Ia5450a" | - | - |
Safe
|