Skip to main content

Pt 7528 24Tx Hv Firmware CVE-2020-6983

HIGH
Use of Hard-coded Cryptographic Key (CWE-321)
2020-03-24 ics-cert@hq.dhs.gov
Information Disclosure Pt 7528 24Tx Hv Firmware Pt 7528 24Tx Hv Hv Firmware Pt 7528 24Tx Wv Firmware Pt 7528 24Tx Wv Hv Firmware Pt 7528 24Tx Wv Wv Firmware Pt 7528 12Msc 12Tx 4Gsfp Hv Firmware Pt 7528 12Msc 12Tx 4Gsfp Hv Hv Firmware Pt 7528 12Msc 12Tx 4Gsfp Wv Firmware Pt 7528 12Msc 12Tx 4Gsfp Wv Wv Firmware Pt 7528 12Mst 12Tx 4Gsfp Hv Firmware Pt 7528 12Mst 12Tx 4Gsfp Hv Hv Firmware Pt 7528 12Mst 12Tx 4Gsfp Wv Firmware Pt 7528 12Mst 12Tx 4Gsfp Wv Wv Firmware Pt 7528 16Msc 8Tx 4Gsfp Hv Firmware Pt 7528 16Msc 8Tx 4Gsfp Hv Hv Firmware Pt 7528 16Msc 8Tx 4Gsfp Wv Firmware Pt 7528 16Msc 8Tx 4Gsfp Wv Wv Firmware Pt 7528 16Mst 8Tx 4Gsfp Hv Firmware Pt 7528 16Mst 8Tx 4Gsfp Hv Hv Firmware Pt 7528 16Mst 8Tx 4Gsfp Wv Firmware Pt 7528 16Mst 8Tx 4Gsfp Wv Wv Firmware Pt 7528 20Msc 4Tx 4Gsfp Hv Firmware Pt 7528 20Msc 4Tx 4Gsfp Hv Hv Firmware Pt 7528 20Msc 4Tx 4Gsfp Wv Firmware Pt 7528 20Msc 4Tx 4Gsfp Wv Wv Firmware Pt 7528 20Mst 4Tx 4Gsfp Hv Firmware Pt 7528 20Mst 4Tx 4Gsfp Hv Hv Firmware Pt 7528 20Mst 4Tx 4Gsfp Wv Firmware Pt 7528 20Mst 4Tx 4Gsfp Wv Wv Firmware Pt 7528 8Msc 16Tx 4Gsfp Hv Firmware Pt 7528 8Msc 16Tx 4Gsfp Hv Hv Firmware Pt 7528 8Msc 16Tx 4Gsfp Wv Firmware Pt 7528 8Msc 16Tx 4Gsfp Wv Wv Firmware Pt 7528 8Mst 16Tx 4Gsfp Hv Firmware Pt 7528 8Mst 16Tx 4Gsfp Hv Hv Firmware Pt 7528 8Mst 16Tx 4Gsfp Wv Firmware Pt 7528 8Mst 16Tx 4Gsfp Wv Wv Firmware Pt 7528 8Ssc 16Tx 4Gsfp Hv Hv Firmware Pt 7528 8Ssc 16Tx 4Gsfp Wv Wv Firmware Pt 7828 F 24 Firmware Pt 7828 F 24 24 Firmware Pt 7828 F 24 Hv Firmware Pt 7828 F 48 Firmware Pt 7828 F 48 48 Firmware Pt 7828 F 48 Hv Firmware Pt 7828 F Hv Firmware Pt 7828 F Hv Hv Firmware Pt 7828 R 24 Firmware Pt 7828 R 24 24 Firmware Pt 7828 R 24 Hv Firmware Pt 7828 R 48 Firmware Pt 7828 R 48 48 Firmware Pt 7828 R 48 Hv Firmware Pt 7828 R Hv Firmware Pt 7828 R Hv Hv Firmware
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 24, 2020 - 19:15 nvd
HIGH 7.5

DescriptionNVD

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered.

AnalysisAI

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-321. In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered. Affected products include: Moxa Pt-7528-24Tx-Hv Firmware, Moxa Pt-7528-24Tx-Hv-Hv Firmware, Moxa Pt-7528-24Tx-Wv Firmware, Moxa Pt-7528-24Tx-Wv-Hv Firmware, Moxa Pt-7528-24Tx-Wv-Wv Firmware. Version information: Version 4.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2020-6983 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy