CVE-2019-18238

Summary

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.

Affected Software

VendorProductVersion RangeStatus
n/aMoxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lowerMoxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or loweraffected

Weaknesses

  • CWE-312: CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312

ADP Enrichment

CVE Program Container

Additional References

References