CVE-2019-18238

Published Feb 26, 2020
Last updated 3 years ago
CVSS high 7.5
Overview

Description: In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-312
ics-cert@hq.dhs.gov: CWE-312
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2512_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1060F63B-42E8-4EE0-9A71-933080629E45",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2512:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EC91E5AB-0CEE-4D58-83C4-EC3066F2D368"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2512-t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEA38DDD-0A0A-42FB-8C43-A3E0D0267B6D",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2512-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1BC9692C-08EC-4CDE-A69A-75C172130362"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2512-hspa_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09259434-AE8D-463A-8A83-4466D24B4F8D",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2512-hspa:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6D4FF9E8-D2A1-4EED-A56C-C5517775C3CC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2512-hspa-t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11BEF8E5-BEB4-41CA-8DEC-B2448290238C",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2512-hspa-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C968278D-D141-49ED-9973-C684CEDBD3BA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-eu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50E1C82C-2B14-4406-BF86-02D5E29EBE4B",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-eu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0EA01CE1-F638-42F4-8E59-4FC7F7C8AB1D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-eu-t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0544A1EF-5846-454F-8692-7635F1F23467",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-eu-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C808B157-E545-49C2-ACF8-9E460E3B8272"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-us_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B159DE1B-DE12-4F53-8B04-350978E808F6",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-us:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0E88BEA2-2EDB-4945-B800-E167EF93D50E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-us-t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C3339E6-27FD-43A9-A95A-A499A3AF24C7",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-us-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "53A9D770-36C6-4F47-AA0B-D6A82306E303"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-jp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94B9F78B-884D-4775-8DC2-60C8A472BAD0",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-jp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B96F3BD8-26DB-4036-9AAA-8203390E72DF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-jp-t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3991346-BA4F-4720-BD58-329E62BA983C",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-jp-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6B9A98AC-1F19-470B-BDE1-C1DB989D7D68"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2542_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "080CEAFC-E949-42BD-8C5B-279FAFAE1B46",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2542:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8D7DF27-9153-4891-8430-CEDC84C82FD5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2542-t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F209813-866A-473D-BF5D-76D90C01AF88",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2542-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "489B9CFB-EDE6-4C4A-8D8F-3BB27F2598BC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2542-hspa_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD426ED7-5CDB-4228-9A7C-3C14A3DC3593",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2542-hspa:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "29EE1B92-C03D-424A-89CC-6EED8D24D114"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2542-hspa-t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A890802-63ED-4027-A664-56DF3584F3AF",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2542-hspa-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2DF1FF86-D4CF-40DC-8FD8-9CAA5388C28F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-eu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BACBC50-E4DF-4B5D-BD66-64D297EB3048",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-eu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2A420EC0-2968-4F08-97D7-7F2086323711"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-eu-t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "890A531B-A992-4826-9227-936A1E0DCEA9",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-eu-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DBE2CB15-AAD1-44EC-AFE6-DBC2C7136680"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-us_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9012C4A1-8113-4A57-BA8D-B1717E19B3F1",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-us:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "642573FB-B3C4-483B-9409-3E8FA76299E3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-us-t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A55D113-D470-42D4-9F36-7CC6B9C2223A",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-us-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5C69DDE3-DC55-4B8E-86A0-B32CB34FBA6E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-jp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CE2CCBD-F429-4652-96B4-959E0E52BCAB",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-jp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CE7B33B9-7F5D-4B92-911B-CC52106AA682"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-jp-t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E188482-724C-482A-89DB-AF0FA6253139",
            "versionEndIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-jp-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EE4B1667-CB60-4938-8A23-FF856FB2CD8B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
