CVE-2018-10632 — HIGH (7.5)

Vulnerability Description

In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Moxa	Nport 5230 Firmware	2.9
Moxa	Nport 5230	-
Moxa	Nport 5232 Firmware	2.9
Moxa	Nport 5232	-
Moxa	Nport 5210 Firmware	2.9
Moxa	Nport 5210	-

Related Weaknesses (CWE)

CWE-400

References

http://www.securityfocus.com/bid/104863Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-04Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/104863Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-200-04Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-10632?

CVE-2018-10632 is a vulnerability with a CVSS score of 7.5 (HIGH). In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition.

How severe is CVE-2018-10632?

CVE-2018-10632 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-10632?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Nport 5230 Firmware, Moxa Nport 5230, Moxa Nport 5232 Firmware, Moxa Nport 5232, Moxa Nport 5210 Firmware.