{"id": "CVE-2019-18238", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-02-26T22:15:11.390", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account."}, {"lang": "es", "value": "En el firmware Moxa ioLogik 2500 series, Versi\u00f3n 3.0 o inferior, y la utilidad de configuraci\u00f3n IOxpress, Versi\u00f3n 2.3.0 o inferior, la informaci\u00f3n confidencial es almacenada en archivos de configuraci\u00f3n sin cifrado, lo que puede permitir a un atacante acceder a una cuenta administrativa."}], "lastModified": "2022-01-01T17:40:46.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1060F63B-42E8-4EE0-9A71-933080629E45", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EC91E5AB-0CEE-4D58-83C4-EC3066F2D368"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEA38DDD-0A0A-42FB-8C43-A3E0D0267B6D", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1BC9692C-08EC-4CDE-A69A-75C172130362"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-hspa_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09259434-AE8D-463A-8A83-4466D24B4F8D", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-hspa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6D4FF9E8-D2A1-4EED-A56C-C5517775C3CC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-hspa-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11BEF8E5-BEB4-41CA-8DEC-B2448290238C", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-hspa-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C968278D-D141-49ED-9973-C684CEDBD3BA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-eu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50E1C82C-2B14-4406-BF86-02D5E29EBE4B", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-eu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0EA01CE1-F638-42F4-8E59-4FC7F7C8AB1D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-eu-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0544A1EF-5846-454F-8692-7635F1F23467", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-eu-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C808B157-E545-49C2-ACF8-9E460E3B8272"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-us_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B159DE1B-DE12-4F53-8B04-350978E808F6", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-us:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0E88BEA2-2EDB-4945-B800-E167EF93D50E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-us-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C3339E6-27FD-43A9-A95A-A499A3AF24C7", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-us-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "53A9D770-36C6-4F47-AA0B-D6A82306E303"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-jp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94B9F78B-884D-4775-8DC2-60C8A472BAD0", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-jp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B96F3BD8-26DB-4036-9AAA-8203390E72DF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2512-wl1-jp-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3991346-BA4F-4720-BD58-329E62BA983C", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2512-wl1-jp-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6B9A98AC-1F19-470B-BDE1-C1DB989D7D68"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "080CEAFC-E949-42BD-8C5B-279FAFAE1B46", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8D7DF27-9153-4891-8430-CEDC84C82FD5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F209813-866A-473D-BF5D-76D90C01AF88", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "489B9CFB-EDE6-4C4A-8D8F-3BB27F2598BC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-hspa_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD426ED7-5CDB-4228-9A7C-3C14A3DC3593", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-hspa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "29EE1B92-C03D-424A-89CC-6EED8D24D114"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-hspa-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A890802-63ED-4027-A664-56DF3584F3AF", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-hspa-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2DF1FF86-D4CF-40DC-8FD8-9CAA5388C28F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-eu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BACBC50-E4DF-4B5D-BD66-64D297EB3048", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-eu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A420EC0-2968-4F08-97D7-7F2086323711"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-eu-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "890A531B-A992-4826-9227-936A1E0DCEA9", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-eu-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DBE2CB15-AAD1-44EC-AFE6-DBC2C7136680"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-us_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9012C4A1-8113-4A57-BA8D-B1717E19B3F1", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-us:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "642573FB-B3C4-483B-9409-3E8FA76299E3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-us-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A55D113-D470-42D4-9F36-7CC6B9C2223A", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-us-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5C69DDE3-DC55-4B8E-86A0-B32CB34FBA6E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-jp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CE2CCBD-F429-4652-96B4-959E0E52BCAB", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-jp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CE7B33B9-7F5D-4B92-911B-CC52106AA682"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:iologik_2542-wl1-jp-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E188482-724C-482A-89DB-AF0FA6253139", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:iologik_2542-wl1-jp-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EE4B1667-CB60-4938-8A23-FF856FB2CD8B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}