CVE-2024-6785

The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05	Third Party Advisory US Government Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moxa:mxview_one::::::::
	cpe:2.3:a:moxa:mxview_one_central_manager:1.0.0:::::::*

History

No history.

Information

Published : 2024-09-21 05:15

Updated : 2024-09-27 18:59

NVD link : CVE-2024-6785

Mitre link : CVE-2024-6785

CVE.ORG link : CVE-2024-6785

JSON object : View

Products Affected

moxa

mxview_one
mxview_one_central_manager

CWE

CWE-313

Cleartext Storage in a File or on Disk

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2024-6785", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@moxa.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "psirt@moxa.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 6.8, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-21T05:15:11.860", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05", "tags": ["Third Party Advisory", "US Government Resource"], "source": "psirt@moxa.com"}, {"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@moxa.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@moxa.com", "description": [{"lang": "en", "value": "CWE-313"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure."}, {"lang": "es", "value": "El archivo de configuraci\u00f3n almacena las credenciales en texto plano. Un atacante con derechos de acceso local puede leer o modificar el archivo de configuraci\u00f3n, lo que podr\u00eda provocar un uso indebido del servicio debido a la exposici\u00f3n de informaci\u00f3n confidencial."}], "lastModified": "2024-09-27T18:59:25.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:mxview_one:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24690651-4F3A-431A-845A-B7CCBD1D24D2", "versionEndExcluding": "1.4.1"}, {"criteria": "cpe:2.3:a:moxa:mxview_one_central_manager:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33EAC644-D402-43FA-BC54-E193F34C0A1F"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@moxa.com"}