Vulnerability Description
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Iks-G6824A Firmware | <= 4.5 |
| Moxa | Iks-G6824A | - |
| Moxa | Eds-405A Firmware | <= 3.8 |
| Moxa | Eds-405A | - |
| Moxa | Eds-408A Firmware | <= 3.8 |
| Moxa | Eds-408A | - |
| Moxa | Eds-510A Firmware | <= 3.8 |
| Moxa | Eds-510A | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107178Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/107178Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-6524?
CVE-2019-6524 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.
How severe is CVE-2019-6524?
CVE-2019-6524 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-6524?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Iks-G6824A Firmware, Moxa Iks-G6824A, Moxa Eds-405A Firmware, Moxa Eds-405A, Moxa Eds-408A Firmware.