Vulnerability Description
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Nport Iaw5150A-6I\/O Firmware | <= 2.2 |
| Moxa | Nport Iaw5150A-6I\/O | - |
| Moxa | Nport Iaw5150A-12I\/O Firmware | <= 2.2 |
| Moxa | Nport Iaw5150A-12I\/O | - |
| Moxa | Nport Iaw5250A-6I\/O Firmware | <= 2.2 |
| Moxa | Nport Iaw5250A-6I\/O | - |
| Moxa | Nport Iaw5250A-12I\/O Firmware | <= 2.2 |
| Moxa | Nport Iaw5250A-12I\/O | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01MitigationThird Party AdvisoryUS Government Resource
- https://www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000aVendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01MitigationThird Party AdvisoryUS Government Resource
- https://www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000aVendor Advisory
FAQ
What is CVE-2021-32974?
CVE-2021-32974 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.
How severe is CVE-2021-32974?
CVE-2021-32974 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-32974?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Nport Iaw5150A-6I\/O Firmware, Moxa Nport Iaw5150A-6I\/O, Moxa Nport Iaw5150A-12I\/O Firmware, Moxa Nport Iaw5150A-12I\/O, Moxa Nport Iaw5250A-6I\/O Firmware.