CVE-2024-6785

MEDIUM EPSS 1.7%

Published Sep 21, 20241y ago · Modified Jun 17, 20261w ago

6.8 CVSS 4.0

Medium

Published Sep 21, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure.

CVSS Details

Base Score

6.8

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

1.7% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 2

CWE-312

CWE-313

Affected Products 2

Vendor	Product	Version	Range
moxa	mxview_one	*	<1.4.1
moxa	mxview_one_central_manager	1.0.0	any

References 2

cisa.gov https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05

Third Party AdvisoryUS Government Resource
moxa.com https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series

PatchVendor Advisory

Remediation

moxa.com https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series

PatchVendor Advisory