CVE-2016-2282
MEDIUMMoxa ioLogik E2200 < 3.12 and ioAdmin Configuration Utility < 3.18 - Credential Exposure via Weak Encryption
Title source: llmDescription
Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-063-01
Scores
CVSS v3
5.3
EPSS
0.0044
EPSS Percentile
63.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-255
Status
published
Products (2)
moxa/ioadmin_firmware
< 3.17
moxa/iologik_firmware
< 3.11
Published
Mar 04, 2016
Tracked Since
Feb 18, 2026