Vulnerability Description
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Nport 5100A Firmware | <= 1.5 |
| Moxa | Nport 5100A | - |
Related Weaknesses (CWE)
References
- https://blog.scadafence.com/technical-blog-cve-2020-12117-industrial-iot-insecurThird Party Advisory
- https://www.moxa.com/en/support/support/security-advisory/nport-5100a-series-serPatchVendor Advisory
- https://blog.scadafence.com/technical-blog-cve-2020-12117-industrial-iot-insecurThird Party Advisory
- https://www.moxa.com/en/support/support/security-advisory/nport-5100a-series-serPatchVendor Advisory
FAQ
What is CVE-2020-12117?
CVE-2020-12117 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthentica...
How severe is CVE-2020-12117?
CVE-2020-12117 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-12117?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Nport 5100A Firmware, Moxa Nport 5100A.