CVE-2020-27149

By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with Read Only privilege level can send requests via the web console to have the devices configuration changed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
KasperskyCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
moxanport_ia5150a_firmware
𝑥
< 1.5
moxanport_ia5250a_firmware
𝑥
< 1.5
moxanport_ia5450a_firmware
𝑥
< 2.0
𝑥
= Vulnerable software versions
References
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-018%2C
https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-018%2C
https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities