Vulnerabilities > CVE-2015-6481 - Unspecified vulnerability in Moxa Oncell Central Manager 2.0

CVSS 8.3 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

moxa

NVD

Published: 2015-12-21

Updated: 2015-12-22

Summary

The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session.

Vulnerable Configurations

Part	Description	Count
Application	Moxa Moxa Oncell Central Manager 2.0	1

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-328-01
http://zerodayinitiative.com/advisories/ZDI-15-453/