CVE-2016-2282

MEDIUM

Moxa Ioadmin Firmware < 3.17 - Credentials Management

Title source: rule

Description

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.

References (1)

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-16-063-01

Scores

CVSS v3 5.3

EPSS 0.0044

EPSS Percentile 63.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-255

Status draft

Affected Products (2)

moxa/ioadmin_firmware < 3.17

moxa/iologik_firmware < 3.11

Timeline

Published Mar 04, 2016

Tracked Since Feb 18, 2026