Vulnerability Description
In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Nport Ia5150A Firmware | <= 1.4 |
| Moxa | Nport Ia5150A | - |
| Moxa | Nport Ia5250A Firmware | <= 1.4 |
| Moxa | Nport Ia5250A | - |
| Moxa | Nport Ia5450A Firmware | <= 1.7 |
| Moxa | Nport Ia5450A | - |
References
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20
- https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-Vendor Advisory
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20
- https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-Vendor Advisory
FAQ
What is CVE-2020-27150?
CVE-2020-27150 is a vulnerability with a CVSS score of 7.5 (HIGH). In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-s...
How severe is CVE-2020-27150?
CVE-2020-27150 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-27150?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Nport Ia5150A Firmware, Moxa Nport Ia5150A, Moxa Nport Ia5250A Firmware, Moxa Nport Ia5250A, Moxa Nport Ia5450A Firmware.