CVE-2020-27149

EUVD-2020-19673
By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
moxanport_ia5150a_firmware
𝑥
< 1.5
moxanport_ia5250a_firmware
𝑥
< 1.5
moxanport_ia5450a_firmware
𝑥
< 2.0
𝑥
= Vulnerable software versions
References
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-018%2C
https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-018%2C
https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities