CVE-2019-6524

CWE-3073 documents3 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 51.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Eds-405a Firmware Moxa Eds-408a Firmware Moxa Eds-510a Firmware +1 more

Timeline

PublishedMar 5

Latest updateMay 13

Description

Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDmoxa/eds-405a_firmware3.8

▶NVDmoxa/eds-408a_firmware3.8

▶NVDmoxa/eds-510a_firmware3.8

▶NVDmoxa/iks-g6824a_firmware4.5

🔴Vulnerability Details

GHSA

GHSA-xm5x-38fw-r6fq: Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover pass↗2022-05-13

▶

CVEList

CVE-2019-6524: Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover pass↗2019-03-05

▶