CVE-2024-6785

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-6785
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 Third Party Advisory US Government Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moxa:mxview_one:*:*:*:*:*:*:*:*
cpe:2.3:a:moxa:mxview_one_central_manager:1.0.0:*:*:*:*:*:*:*
History

27 Sep 2024, 18:59

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.5 		v2 : unknown
v3 : 7.1
CWE CWE-312
First Time Moxa mxview One Central Manager
Moxa mxview One
Moxa
CPE cpe:2.3:a:moxa:mxview_one:*:*:*:*:*:*:*:*
cpe:2.3:a:moxa:mxview_one_central_manager:1.0.0:*:*:*:*:*:*:*
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 - Third Party Advisory, US Government Resource
References () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series - () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series - Patch, Vendor Advisory

26 Sep 2024, 07:15

Type Values Removed Values Added
References
  • () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 -
Summary
  • (es) El archivo de configuración almacena las credenciales en texto plano. Un atacante con derechos de acceso local puede leer o modificar el archivo de configuración, lo que podría provocar un uso indebido del servicio debido a la exposición de información confidencial.

21 Sep 2024, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-21 05:15

Updated : 2024-09-27 18:59

NVD link : CVE-2024-6785

Mitre link : CVE-2024-6785

CVE.ORG link : CVE-2024-6785

JSON object : View

Products Affected

moxa

  • mxview_one
  • mxview_one_central_manager
CWE
CWE-312

Cleartext Storage of Sensitive Information

CWE-313

Cleartext Storage in a File or on Disk