CVE-2020-6989

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
moxapt-7528-24tx-hv_firmware
𝑥
≤ 4.0
moxapt-7528-24tx-hv-hv_firmware
𝑥
≤ 4.0
moxapt-7528-24tx-wv_firmware
𝑥
≤ 4.0
moxapt-7528-24tx-wv-hv_firmware
𝑥
≤ 4.0
moxapt-7528-24tx-wv-wv_firmware
𝑥
≤ 4.0
moxapt-7528-12msc-12tx-4gsfp-hv_firmware
𝑥
≤ 4.0
moxapt-7528-12msc-12tx-4gsfp-hv-hv_firmware
𝑥
≤ 4.0
moxapt-7528-12msc-12tx-4gsfp-wv_firmware
𝑥
≤ 4.0
moxapt-7528-12msc-12tx-4gsfp-wv-wv_firmware
𝑥
≤ 4.0
moxapt-7528-12mst-12tx-4gsfp-hv_firmware
𝑥
≤ 4.0
moxapt-7528-12mst-12tx-4gsfp-hv-hv_firmware
𝑥
≤ 4.0
moxapt-7528-12mst-12tx-4gsfp-wv_firmware
𝑥
≤ 4.0
moxapt-7528-12mst-12tx-4gsfp-wv-wv_firmware
𝑥
≤ 4.0
moxapt-7528-16msc-8tx-4gsfp-hv_firmware
𝑥
≤ 4.0
moxapt-7528-16msc-8tx-4gsfp-hv-hv_firmware
𝑥
≤ 4.0
moxapt-7528-16msc-8tx-4gsfp-wv_firmware
𝑥
≤ 4.0
moxapt-7528-16msc-8tx-4gsfp-wv-wv_firmware
𝑥
≤ 4.0
moxapt-7528-16mst-8tx-4gsfp-hv_firmware
𝑥
≤ 4.0
moxapt-7528-16mst-8tx-4gsfp-hv-hv_firmware
𝑥
≤ 4.0
moxapt-7528-16mst-8tx-4gsfp-wv_firmware
𝑥
≤ 4.0
moxapt-7528-16mst-8tx-4gsfp-wv-wv_firmware
𝑥
≤ 4.0
moxapt-7528-20msc-4tx-4gsfp-hv_firmware
𝑥
≤ 4.0
moxapt-7528-20msc-4tx-4gsfp-hv-hv_firmware
𝑥
≤ 4.0
moxapt-7528-20msc-4tx-4gsfp-wv_firmware
𝑥
≤ 4.0
moxapt-7528-20msc-4tx-4gsfp-wv-wv_firmware
𝑥
≤ 4.0
moxapt-7528-20mst-4tx-4gsfp-hv_firmware
𝑥
≤ 4.0
moxapt-7528-20mst-4tx-4gsfp-hv-hv_firmware
𝑥
≤ 4.0
moxapt-7528-20mst-4tx-4gsfp-wv_firmware
𝑥
≤ 4.0
moxapt-7528-20mst-4tx-4gsfp-wv-wv_firmware
𝑥
≤ 4.0
moxapt-7528-8msc-16tx-4gsfp-hv_firmware
𝑥
≤ 4.0
moxapt-7528-8msc-16tx-4gsfp-hv-hv_firmware
𝑥
≤ 4.0
moxapt-7528-8msc-16tx-4gsfp-wv_firmware
𝑥
≤ 4.0
moxapt-7528-8msc-16tx-4gsfp-wv-wv_firmware
𝑥
≤ 4.0
moxapt-7528-8mst-16tx-4gsfp-hv_firmware
𝑥
≤ 4.0
moxapt-7528-8mst-16tx-4gsfp-hv-hv_firmware
𝑥
≤ 4.0
moxapt-7528-8mst-16tx-4gsfp-wv_firmware
𝑥
≤ 4.0
moxapt-7528-8mst-16tx-4gsfp-wv-wv_firmware
𝑥
≤ 4.0
moxapt-7528-8ssc-16tx-4gsfp-hv-hv_firmware
𝑥
≤ 4.0
moxapt-7528-8ssc-16tx-4gsfp-wv-wv_firmware
𝑥
≤ 4.0
moxapt-7828-f-24_firmware
𝑥
≤ 3.9
moxapt-7828-f-24-24_firmware
𝑥
≤ 3.9
moxapt-7828-f-24-hv_firmware
𝑥
≤ 3.9
moxapt-7828-f-48_firmware
𝑥
≤ 3.9
moxapt-7828-f-48-48_firmware
𝑥
≤ 3.9
moxapt-7828-f-48-hv_firmware
𝑥
≤ 3.9
moxapt-7828-f-hv_firmware
𝑥
≤ 3.9
moxapt-7828-f-hv-hv_firmware
𝑥
≤ 3.9
moxapt-7828-r-24_firmware
𝑥
≤ 3.9
moxapt-7828-r-24-24_firmware
𝑥
≤ 3.9
moxapt-7828-r-24-hv_firmware
𝑥
≤ 3.9
moxapt-7828-r-48_firmware
𝑥
≤ 3.9
moxapt-7828-r-48-48_firmware
𝑥
≤ 3.9
moxapt-7828-r-48-hv_firmware
𝑥
≤ 3.9
moxapt-7828-r-hv_firmware
𝑥
≤ 3.9
moxapt-7828-r-hv-hv_firmware
𝑥
≤ 3.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.us-cert.gov/ics/advisories/icsa-20-056-03
https://www.us-cert.gov/ics/advisories/icsa-20-056-03