CVE-2018-7506

CWE-200 — Information Exposure3 documents3 sources

Severity

7.5HIGH

EPSS

1.1%

top 22.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Mxview Ics-cert Moxa Mxview

Timeline

PublishedApr 6

Latest updateMay 13

Description

The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDmoxa/mxview2.8

▶CVEListV5ics-cert/moxa_mxviewMXview versions 2.8 and prior

🔴Vulnerability Details

GHSA

GHSA-3h32-9hq6-4rcq: The private key of the web server in Moxa MXview versions 2↗2022-05-13

▶

CVEList

CVE-2018-7506: The private key of the web server in Moxa MXview versions 2↗2018-04-06

▶