CVE-2019-6522

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

9.1CRITICAL

EPSS

0.3%

top 46.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Eds-405a Firmware Moxa Eds-408a Firmware Moxa Eds-510a Firmware +1 more

Timeline

PublishedMar 5

Latest updateMay 13

Description

Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages4 packages

▶NVDmoxa/eds-405a_firmware3.8

▶NVDmoxa/eds-408a_firmware3.8

▶NVDmoxa/eds-510a_firmware3.8

▶NVDmoxa/iks-g6824a_firmware4.5

🔴Vulnerability Details

GHSA

GHSA-j83f-2hmq-pjmf: Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attac↗2022-05-13

▶

CVEList

CVE-2019-6522: Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attac↗2019-03-05

▶