Use of a broken or risky cryptographic algorithm in Moxa EDS-510E and Moxa EDS-G516E - #VU21340

 


Published: September 25, 2019


Vulnerability identifier: #VU21340
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-327
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Moxa
Affected software:
Moxa EDS-510E
Moxa EDS-G516E

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to the use of a weak cryptographic algorithm. A remote non-authenticated attacker able to perform a man-in-the-middle attack can intercept and decrypt sensitive data (e.g. device configuration) passed via an insecure channel.


Remediation

Install updates from the vendor's website.

The vendor also recommends enabling Password on the configuration file under Configuration File Encryption Setting.

Sources