CVE-2019-18238
Severity CVSS v4.0:
Pending analysis
Type:
CWE-312
Cleartext Storage of Sensitive Information
Publication date:
26/02/2020
Last modified:
01/01/2022
Description
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:moxa:iologik_2512_firmware:*:*:*:*:*:*:*:* | 3.0 (including) | |
| cpe:2.3:h:moxa:iologik_2512:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:moxa:iologik_2512-t_firmware:*:*:*:*:*:*:*:* | 3.0 (including) | |
| cpe:2.3:h:moxa:iologik_2512-t:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:moxa:iologik_2512-hspa_firmware:*:*:*:*:*:*:*:* | 3.0 (including) | |
| cpe:2.3:h:moxa:iologik_2512-hspa:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:moxa:iologik_2512-hspa-t_firmware:*:*:*:*:*:*:*:* | 3.0 (including) | |
| cpe:2.3:h:moxa:iologik_2512-hspa-t:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:moxa:iologik_2512-wl1-eu_firmware:*:*:*:*:*:*:*:* | 3.0 (including) | |
| cpe:2.3:h:moxa:iologik_2512-wl1-eu:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:moxa:iologik_2512-wl1-eu-t_firmware:*:*:*:*:*:*:*:* | 3.0 (including) | |
| cpe:2.3:h:moxa:iologik_2512-wl1-eu-t:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:moxa:iologik_2512-wl1-us_firmware:*:*:*:*:*:*:*:* | 3.0 (including) | |
| cpe:2.3:h:moxa:iologik_2512-wl1-us:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:moxa:iologik_2512-wl1-us-t_firmware:*:*:*:*:*:*:*:* | 3.0 (including) |
To consult the complete list of CPE names with products and versions, see this page