CVE-2019-18238

CWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
7.5HIGH
EPSS
0.1%
top 65.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
20
Moxa Iologik 2512-hspa-t FirmwareMoxa Iologik 2512-hspa FirmwareMoxa Iologik 2512-t Firmware+17 more
Timeline
PublishedFeb 26
Latest updateMay 24

Description

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages20 packages

🔴Vulnerability Details

2
GHSA
GHSA-9g94-m2hg-vj88: Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ioLogik 2500 series firmware, Version 32022-05-24
CVEList
CVE-2019-18238: In Moxa ioLogik 2500 series firmware, Version 32020-02-26