CVE-2024-6785

CWE-313 CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 77.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Mxview ONE Central Manager Series Moxa Mxview ONE Series Moxa Mxview ONE +1 more

Timeline

PublishedSep 21

Description

The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages4 packages

▶NVDmoxa/mxview_one< 1.4.1

▶CVEListV5moxa/mxview_one_series< 1.3.0

▶CVEListV5moxa/mxview_one_central_manager_series< 1.0.0

▶NVDmoxa/mxview_one_central_manager1.0.0

Patches

Patch: www.moxa.com ↗

🔴Vulnerability Details

GHSA

GHSA-8hgr-rp5m-j4mg: The configuration file stores credentials in cleartext↗2024-09-21

▶

CVEList

MXview One and MXview One Central Manager Series store cleartext credentials in a local file↗2024-09-21

▶