CVE-2019-6563

CRITICAL

Moxa IKS/EDS - Info Disclosure

Title source: llm

Description

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.

References (2)

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/107178

Scores

CVSS v3 9.8

EPSS 0.0014

EPSS Percentile 33.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-341 CWE-916

Status published

Products (4)

moxa/eds-405a_firmware < 3.8

moxa/eds-408a_firmware < 3.8

moxa/eds-510a_firmware < 3.8

moxa/iks-g6824a_firmware < 4.5

Published Mar 05, 2019

Tracked Since Feb 18, 2026