Vulnerability Description
The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Mxview | <= 2.8 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103722Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-095-02Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/103722Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-095-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-7506?
CVE-2018-7506 is a vulnerability with a CVSS score of 7.5 (HIGH). The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information.
How severe is CVE-2018-7506?
CVE-2018-7506 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-7506?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Mxview.