CVE-2019-9104

HIGH

Moxa Mb3170 Firmware < 4.0 - Insufficiently Protected Credentials

Title source: rule

Description

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext.

References (2)

[Vendor Advisory] https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities

[Third Party Advisory, US Government Resource] https://www.us-cert.gov/ics/advisories/icsa-20-056-01

Scores

CVSS v3 7.5

EPSS 0.0018

EPSS Percentile 39.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-312

Status published

Affected Products (6)

moxa/mb3170_firmware < 4.0

moxa/mb3270_firmware < 4.0

moxa/mb3180_firmware < 2.0

moxa/mb3280_firmware < 3.0

moxa/mb3480_firmware < 3.0

moxa/mb3660_firmware < 2.2

Timeline

Published Mar 11, 2020

Tracked Since Feb 18, 2026