CVE Vulnerability

CVE-2019-6522

Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.

8.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 7.8

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact COMPLETE

Scope

9.1 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 US Government Resource Third Party Advisory
http://www.securityfocus.com/bid/107178 Third Party Advisory VDB Entry
Configurations

Configuration 1
Information

Published : 2019-03-05 08:29

Updated : 2022-11-30 10:21

NVD link : CVE-2019-6522

Mitre link : CVE-2019-6522

Products Affected

Eds-510a Firmware

Moxa

CWE
CWE-125

Out-of-bounds Read