ICSA-20-287-01 · Published 2020-10-13 · View on CISA ICS-CERT ↗

MOXA NPort IAW5000A-I/O Series

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain access to and hijack a session; allow an attacker with user privileges to perform requests with administrative privileges; allow the use of weak passwords; allow credentials of third-party services to be transmitted in cleartext; allow the use of brute force to bypass authentication on an SSH/Telnet session; or allow access to sensitive information without proper authorization.

CVEs (6)

CVE-2020-25198 CVE-2020-25194 CVE-2020-25153 CVE-2020-25190 CVE-2020-25196 CVE-2020-25192

Remediations

Moxa has released an updated firmware version for the NPort IAW5000A-I/O Series and recommends users install this update on all affected systems.

Affected Vendors

MOXA

Affected Products (1)

MOXA · NPort <= 2.1

Affected Sectors

Energy Sector

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more