Vulnerability Description
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Nport Ia5150A Firmware | <= 1.4 |
| Moxa | Nport Ia5150A | - |
| Moxa | Nport Ia5250A Firmware | <= 1.4 |
| Moxa | Nport Ia5250A | - |
| Moxa | Nport Ia5450A Firmware | <= 1.7 |
| Moxa | Nport Ia5450A | - |
Related Weaknesses (CWE)
References
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20
- https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-Vendor Advisory
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20
- https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-Vendor Advisory
FAQ
What is CVE-2020-27185?
CVE-2020-27185 is a vulnerability with a CVSS score of 7.5 (HIGH). Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, d...
How severe is CVE-2020-27185?
CVE-2020-27185 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-27185?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Nport Ia5150A Firmware, Moxa Nport Ia5150A, Moxa Nport Ia5250A Firmware, Moxa Nport Ia5250A, Moxa Nport Ia5450A Firmware.