| 1 | Improper Access Control (CWE-284): CVE-2020-27149, KLCERT-20-018 | Attackers can exploit this vulnerability to elevate the privilege level of the user controlled by them or to receive requests that require a higher privilege level. |
| 2 | Unprotected Storage of Credentials (CWE-256): CVE-2020-27150, KLCERT-20-019 | An attacker can extract authentication credentials from a configuration file sent over an insecure communication channel. The data extracted can subsequently be used to authenticate via Moxa Service and change the device’s configurations. |
| 3 | Cleartext Transmission of Sensitive Information (CWE-319): CVE-2020-27184, KLCERT-20-020 | An attacker could read all data transferred between the client and the device if the communication is carried out over Telnet, including authentication credentials, device configuration data, the device version, and other sensitive data. |
| 4 | Cleartext Transmission of Sensitive Information (CWE-319): CVE-2020-27185, KLCERT-20-021 | Successfully exploiting this vulnerability could enable attackers to read all traffic sent when Moxa Service is enabled. This includes authentication data, device configurations, the device version, and other sensitive data. |