MEDIUM✓ PATCH🇬🇧 English

CVE-2024-6785

CVSS 6.8v4.0pub. 2024-09-21upd. 2024-09-27

The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure.

oryginał EN
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Moxa Mxview One

    APP
    Moxa
    < 1.4.1
  • Moxa Mxview One Central Manager

    APP
    Moxa
    1.0.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2024-6786MEDIUM6.0ten sam produkt

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, en...

CVE-2024-6787MEDIUM6.0ten sam produkt

This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and th...

CVE-2023-39979CRITICAL9.8ten sam vendor

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication....

CVE-2023-33236CRITICAL9.8ten sam vendor

MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been report...

CVE-2023-28697CRITICAL9.8ten sam vendor

Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can explo...