Sign-up

ID

VAR-202105-0268


CVE

CVE-2020-27185


TITLE

NPort IA5000A  Vulnerability in plaintext transmission of critical information in series serial devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-007083

DESCRIPTION

Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service. Moxa NPort IA5150A Series is a set of industrial equipment server. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2020-27185 // JVNDB: JVNDB-2021-007083 // CNVD: CNVD-2021-76107 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2020-27185

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-76107

AFFECTED PRODUCTS

vendor:moxamodel:nport ia5450ascope:lteversion:1.7

Trust: 1.0

vendor:moxamodel:nport ia5150ascope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:nport ia5250ascope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:nport ia5150a シリーズscope: - version: -

Trust: 0.8

vendor:moxamodel:nport ia5450a シリーズscope: - version: -

Trust: 0.8

vendor:moxamodel:nport ia5250a シリーズscope: - version: -

Trust: 0.8

vendor:moxamodel:nport ia5150a seriesscope:eqversion:1.4

Trust: 0.6

sources: CNVD: CNVD-2021-76107 // JVNDB: JVNDB-2021-007083 // NVD: CVE-2020-27185

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27185
value: HIGH

Trust: 1.0

NVD: CVE-2020-27185
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-76107
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-2042
value: HIGH

Trust: 0.6

VULMON: CVE-2020-27185
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-27185
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-76107
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-27185
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-27185
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-76107 // VULMON: CVE-2020-27185 // JVNDB: JVNDB-2021-007083 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2042 // NVD: CVE-2020-27185

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

problemtype:Sending important information in clear text (CWE-319) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-007083 // NVD: CVE-2020-27185

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2042

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2042

PATCH

title:NPort IA5000A Series Serial Device Servers Vulnerabilitiesurl:https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities

Trust: 0.8

title:Patch for Moxa NPort IA5150A Series sensitive information clear text transmission vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/293661

Trust: 0.6

title:MOXA NPort IA5150A Series Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151545

Trust: 0.6

sources: CNVD: CNVD-2021-76107 // JVNDB: JVNDB-2021-007083 // CNNVD: CNNVD-202104-2042

EXTERNAL IDS

db:NVDid:CVE-2020-27185

Trust: 3.9

db:JVNDBid:JVNDB-2021-007083

Trust: 0.8

db:CNVDid:CNVD-2021-76107

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021042809

Trust: 0.6

db:CNNVDid:CNNVD-202104-2042

Trust: 0.6

db:VULMONid:CVE-2020-27185

Trust: 0.1

sources: CNVD: CNVD-2021-76107 // VULMON: CVE-2020-27185 // JVNDB: JVNDB-2021-007083 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2042 // NVD: CVE-2020-27185

REFERENCES

url:https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-27185

Trust: 1.4

url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-021%2c

Trust: 1.0

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-021

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042809

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/319.html

Trust: 0.1

url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-021,

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-76107 // VULMON: CVE-2020-27185 // JVNDB: JVNDB-2021-007083 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2042 // NVD: CVE-2020-27185

SOURCES

db:CNVDid:CNVD-2021-76107
db:VULMONid:CVE-2020-27185
db:JVNDBid:JVNDB-2021-007083
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202104-2042
db:NVDid:CVE-2020-27185

LAST UPDATE DATE

2024-08-14T12:51:59.520000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-76107date:2021-10-11T00:00:00
db:VULMONid:CVE-2020-27185date:2021-05-21T00:00:00
db:JVNDBid:JVNDB-2021-007083date:2022-02-02T09:07:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202104-2042date:2021-05-24T00:00:00
db:NVDid:CVE-2020-27185date:2023-11-07T03:20:50.610

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-76107date:2021-10-11T00:00:00
db:VULMONid:CVE-2020-27185date:2021-05-14T00:00:00
db:JVNDBid:JVNDB-2021-007083date:2022-02-02T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202104-2042date:2021-04-28T00:00:00
db:NVDid:CVE-2020-27185date:2021-05-14T13:15:07.330