Vulnerability Details CVE-2019-10963
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 86.2%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html
- https://www.us-cert.gov/ics/advisories/icsa-19-274-03
- http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html
- https://www.us-cert.gov/ics/advisories/icsa-19-274-03
Products affected by CVE-2019-10963
-
cpe:2.3:h:moxa:edr-810:-
-
cpe:2.3:o:moxa:edr-810_firmware:3.12
-
cpe:2.3:o:moxa:edr-810_firmware:4.1
-
cpe:2.3:o:moxa:edr-810_firmware:4.2
-
cpe:2.3:o:moxa:edr-810_firmware:5.1