CVE Vulnerability

CVE-2019-10963

Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.us-cert.gov/ics/advisories/icsa-19-274-03 Third Party Advisory US Government Resource
http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html Exploit Third Party Advisory
Configurations

Configuration 1
Information

Published : 2019-10-08 07:15

Updated : 2021-10-28 01:24

NVD link : CVE-2019-10963

Mitre link : CVE-2019-10963

Products Affected

Edr-810 Firmware

Moxa

CWE
NVD-CWE-Other