Information disclosure in OnCell - CVE-2017-7913
Published: May 24, 2017 / Updated: May 24, 2017
Vulnerability identifier: #VU6678
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7913
CWE-ID: CWE-256
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Moxa
Affected software:
OnCell
OnCell
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to storing of passwords in plaintext. A local attacker can gain access to the files that store passwords in clear text and obtain credentials.
Successful exploitation of the vulnerability may result in information disclosure.
The weakness exists due to storing of passwords in plaintext. A local attacker can gain access to the files that store passwords in clear text and obtain credentials.
Successful exploitation of the vulnerability may result in information disclosure.
How to mitigate CVE-2017-7913
Install update from vendor's website.