{"containers": {"cna": {"affected": [{"product": "Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower", "vendor": "n/a", "versions": [{"status": "affected", "version": "Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower"}]}], "descriptions": [{"lang": "en", "value": "In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-24T16:45:16.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-18238", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower", "version": {"version_data": [{"version_value": "Moxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:47:14.071Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-18238", "datePublished": "2020-02-26T21:19:56.000Z", "dateReserved": "2019-10-22T00:00:00.000Z", "dateUpdated": "2024-08-05T01:47:14.071Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1060F63B-42E8-4EE0-9A71-933080629E45", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC91E5AB-0CEE-4D58-83C4-EC3066F2D368", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEA38DDD-0A0A-42FB-8C43-A3E0D0267B6D", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BC9692C-08EC-4CDE-A69A-75C172130362", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-hspa_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "09259434-AE8D-463A-8A83-4466D24B4F8D", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-hspa:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D4FF9E8-D2A1-4EED-A56C-C5517775C3CC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-hspa-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "11BEF8E5-BEB4-41CA-8DEC-B2448290238C", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-hspa-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "C968278D-D141-49ED-9973-C684CEDBD3BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "50E1C82C-2B14-4406-BF86-02D5E29EBE4B", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EA01CE1-F638-42F4-8E59-4FC7F7C8AB1D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-eu-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0544A1EF-5846-454F-8692-7635F1F23467", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-eu-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "C808B157-E545-49C2-ACF8-9E460E3B8272", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B159DE1B-DE12-4F53-8B04-350978E808F6", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E88BEA2-2EDB-4945-B800-E167EF93D50E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-us-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C3339E6-27FD-43A9-A95A-A499A3AF24C7", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-us-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "53A9D770-36C6-4F47-AA0B-D6A82306E303", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-jp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "94B9F78B-884D-4775-8DC2-60C8A472BAD0", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-jp:-:*:*:*:*:*:*:*", "matchCriteriaId": "B96F3BD8-26DB-4036-9AAA-8203390E72DF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-jp-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3991346-BA4F-4720-BD58-329E62BA983C", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-jp-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B9A98AC-1F19-470B-BDE1-C1DB989D7D68", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "080CEAFC-E949-42BD-8C5B-279FAFAE1B46", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8D7DF27-9153-4891-8430-CEDC84C82FD5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F209813-866A-473D-BF5D-76D90C01AF88", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "489B9CFB-EDE6-4C4A-8D8F-3BB27F2598BC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-hspa_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD426ED7-5CDB-4228-9A7C-3C14A3DC3593", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-hspa:-:*:*:*:*:*:*:*", "matchCriteriaId": "29EE1B92-C03D-424A-89CC-6EED8D24D114", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-hspa-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A890802-63ED-4027-A664-56DF3584F3AF", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-hspa-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DF1FF86-D4CF-40DC-8FD8-9CAA5388C28F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-eu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BACBC50-E4DF-4B5D-BD66-64D297EB3048", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A420EC0-2968-4F08-97D7-7F2086323711", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-eu-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "890A531B-A992-4826-9227-936A1E0DCEA9", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-eu-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBE2CB15-AAD1-44EC-AFE6-DBC2C7136680", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-us_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9012C4A1-8113-4A57-BA8D-B1717E19B3F1", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "642573FB-B3C4-483B-9409-3E8FA76299E3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-us-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A55D113-D470-42D4-9F36-7CC6B9C2223A", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-us-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C69DDE3-DC55-4B8E-86A0-B32CB34FBA6E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-jp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CE2CCBD-F429-4652-96B4-959E0E52BCAB", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-jp:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE7B33B9-7F5D-4B92-911B-CC52106AA682", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-jp-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E188482-724C-482A-89DB-AF0FA6253139", "versionEndIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-jp-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE4B1667-CB60-4938-8A23-FF856FB2CD8B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account."}, {"lang": "es", "value": "En el firmware Moxa ioLogik 2500 series, Versi\u00f3n 3.0 o inferior, y la utilidad de configuraci\u00f3n IOxpress, Versi\u00f3n 2.3.0 o inferior, la informaci\u00f3n confidencial es almacenada en archivos de configuraci\u00f3n sin cifrado, lo que puede permitir a un atacante acceder a una cuenta administrativa."}], "id": "CVE-2019-18238", "lastModified": "2024-11-21T04:32:53.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-26T22:15:11.390", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}