Vulnerability Description
By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Nport Ia5150A Firmware | < 1.5 |
| Moxa | Nport Ia5150A | - |
| Moxa | Nport Ia5250A Firmware | < 1.5 |
| Moxa | Nport Ia5250A | - |
| Moxa | Nport Ia5450A Firmware | < 2.0 |
| Moxa | Nport Ia5450A | - |
References
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20
- https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-Vendor Advisory
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20
- https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-Vendor Advisory
FAQ
What is CVE-2020-27149?
CVE-2020-27149 is a vulnerability with a CVSS score of 6.5 (MEDIUM). By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration chang...
How severe is CVE-2020-27149?
CVE-2020-27149 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-27149?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Nport Ia5150A Firmware, Moxa Nport Ia5150A, Moxa Nport Ia5250A Firmware, Moxa Nport Ia5250A, Moxa Nport Ia5450A Firmware.