Vulnerability Description
The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Nport Ia5150A Firmware | <= 1.4 |
| Moxa | Nport Ia5150A | - |
| Moxa | Nport Ia5250A Firmware | <= 1.4 |
| Moxa | Nport Ia5250A | - |
| Moxa | Nport Ia5450A Firmware | <= 1.7 |
| Moxa | Nport Ia5450A | - |
Related Weaknesses (CWE)
References
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20
- https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-Vendor Advisory
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20
- https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-Vendor Advisory
FAQ
What is CVE-2020-27184?
CVE-2020-27184 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the...
How severe is CVE-2020-27184?
CVE-2020-27184 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-27184?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Nport Ia5150A Firmware, Moxa Nport Ia5150A, Moxa Nport Ia5250A Firmware, Moxa Nport Ia5250A, Moxa Nport Ia5450A Firmware.