Vulnerabilities > CVE-2016-2282 - Credentials Management vulnerability in Moxa Ioadmin Firmware and Iologik Firmware

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

moxa

CWE-255

NVD

Published: 2016-03-04

Updated: 2021-05-19

Summary

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
OS	Moxa Moxa Ioadmin Firmware 3.17 Moxa Iologik Firmware 3.11	2
Hardware	Moxa Moxa Iologik E2210 - Moxa Iologik E2260 T - Moxa Iologik E2240 T - Moxa Iologik E2240 - Moxa Iologik E2212 - Moxa Iologik E2214 T - Moxa Iologik E2212 T - Moxa Iologik E2210 T - Moxa Iologik E2262 - Moxa Iologik E2260 - Moxa Iologik E2262 T - Moxa Iologik E2242 T - Moxa Iologik E2214 - Moxa Iologik E2242 -	14

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-063-01