Overview
- Description
- An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-532
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5768CC53-4855-45C6-9FD0-C3603B2FBA7C",
"versionEndIncluding": "1.7"
},
{
"criteria": "cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E099C55B-0E6B-448E-A524-7D405261DC88",
"versionEndIncluding": "1.3"
},
{
"criteria": "cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD73B290-2AB0-4AAB-B9D6-E655181C88D0",
"versionEndIncluding": "1.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "08E72C6A-A107-4EB6-9692-C769DE9EEA17"
},
{
"criteria": "cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AACCDD37-C2D0-473A-ACE5-2B1246BF4712"
},
{
"criteria": "cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C0017FB3-ADDC-477E-B4CD-4BFF1977CED0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]