CVE-2019-6524
CRITICALMoxa IKS-G6824A <4.5 & EDS-405A/408A/510A <3.8 - Unauthenticated Password Discovery via Brute Force
Title source: llmDescription
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107178
Scores
CVSS v3
9.8
EPSS
0.0025
EPSS Percentile
48.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-307
Status
published
Products (4)
moxa/eds-405a_firmware
< 3.8
moxa/eds-408a_firmware
< 3.8
moxa/eds-510a_firmware
< 3.8
moxa/iks-g6824a_firmware
< 4.5
Published
Mar 05, 2019
Tracked Since
Feb 18, 2026