Vulnerability Details : CVE-2020-25194
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.
Exploit prediction scoring system (EPSS) score for CVE-2020-25194
Probability of exploitation activity in the next 30 days: 0.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~42%
CVSS scores for CVE-2020-25194
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | ICS-CERT |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST |
CWE ids for CVE-2020-25194
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
  Assigned by:
  - ics-cert@hq.dhs.gov (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2020-25194
- https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01
  MOXA NPort IAW5000A-I/O Series | CISA (Third Party Advisory; US Government Resource)
Products affected by CVE-2020-25194
- cpe:2.3:o:moxa:nport_iaw5000a-i\/o_firmware:*:*:*:*:*:*:*:*