CVE-2016-2295

HIGH

Moxa MiiNePort E1/E2/E3 Firmware - Unauthenticated Sensitive Information Exposure via Configuration File

Title source: llm
STIX 2.1

Description

Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file.

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/May/7
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01

Scores

CVSS v3 7.5
EPSS 0.0075
EPSS Percentile 73.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (5)
moxa/miineport_e1_4641_firmware 1.1.10
moxa/miineport_e1_7080_firmware 1.1.10
moxa/miineport_e2_1242_firmware 1.1
moxa/miineport_e2_4561_firmware 1.1
moxa/miineport_e3_firmware 1.0
Published May 31, 2016
Tracked Since Feb 18, 2026