CVE-2018-18392

EUVD-2018-10121
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
moxathingspro
2.1
𝑥
= Vulnerable software versions
References
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-020-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-broken-access-control/
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-020-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-broken-access-control/