CVE-2019-18238
First published: Wed Feb 26 2020(Updated: )
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa Iologik 2512 Firmware | <=3.0 | |
| Moxa Iologik 2512 | ||
| Moxa Iologik 2512-t Firmware | <=3.0 | |
| Moxa Iologik 2512-t | ||
| Moxa Iologik 2512-hspa Firmware | <=3.0 | |
| Moxa Iologik 2512-hspa | ||
| Moxa Iologik 2512-hspa-t Firmware | <=3.0 | |
| Moxa Iologik 2512-hspa-t | ||
| Moxa Iologik 2512-wl1-eu Firmware | <=3.0 | |
| Moxa Iologik 2512-wl1-eu | ||
| Moxa Iologik 2512-wl1-eu-t Firmware | <=3.0 | |
| Moxa Iologik 2512-wl1-eu-t | ||
| Moxa Iologik 2512-wl1-us Firmware | <=3.0 | |
| Moxa Iologik 2512-wl1-us | ||
| Moxa Iologik 2512-wl1-us-t Firmware | <=3.0 | |
| Moxa Iologik 2512-wl1-us-t | ||
| Moxa Iologik 2512-wl1-jp Firmware | <=3.0 | |
| Moxa Iologik 2512-wl1-jp | ||
| Moxa Iologik 2512-wl1-jp-t Firmware | <=3.0 | |
| Moxa Iologik 2512-wl1-jp-t | ||
| Moxa Iologik 2542 Firmware | <=3.0 | |
| Moxa Iologik 2542 | ||
| Moxa Iologik 2542-t Firmware | <=3.0 | |
| Moxa Iologik 2542-t | ||
| Moxa Iologik 2542-hspa Firmware | <=3.0 | |
| Moxa Iologik 2542-hspa | ||
| Moxa Iologik 2542-hspa-t Firmware | <=3.0 | |
| Moxa Iologik 2542-hspa-t | ||
| Moxa Iologik 2542-wl1-eu Firmware | <=3.0 | |
| Moxa Iologik 2542-wl1-eu | ||
| Moxa Iologik 2542-wl1-eu-t Firmware | <=3.0 | |
| Moxa Iologik 2542-wl1-eu-t | ||
| Moxa Iologik 2542-wl1-us Firmware | <=3.0 | |
| Moxa Iologik 2542-wl1-us | ||
| Moxa Iologik 2542-wl1-us-t Firmware | <=3.0 | |
| Moxa Iologik 2542-wl1-us-t | ||
| Moxa Iologik 2542-wl1-jp Firmware | <=3.0 | |
| Moxa Iologik 2542-wl1-jp | ||
| Moxa Iologik 2542-wl1-jp-t Firmware | <=3.0 | |
| Moxa Iologik 2542-wl1-jp-t |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-18238?
CVE-2019-18238 is classified as a medium severity vulnerability due to the potential exposure of sensitive information.
How do I fix CVE-2019-18238?
To mitigate CVE-2019-18238, update the firmware of Moxa ioLogik 2500 series devices to a version above 3.0.
What kind of information is exposed in CVE-2019-18238?
CVE-2019-18238 allows for access to sensitive administrative credentials stored in configuration files without encryption.
Which devices are affected by CVE-2019-18238?
CVE-2019-18238 affects Moxa ioLogik 2500 series devices running firmware version 3.0 or lower.
Is CVE-2019-18238 easily exploitable?
Exploitation of CVE-2019-18238 requires an attacker to have access to the configuration files, making it a critical concern for secure deployment.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/moxa
- canonical/moxa iologik 2512 firmware
- version/moxa iologik 2512 firmware/3.0
- canonical/moxa iologik 2512
- canonical/moxa iologik 2512-t firmware
- version/moxa iologik 2512-t firmware/3.0
- canonical/moxa iologik 2512-t
- canonical/moxa iologik 2512-hspa firmware
- version/moxa iologik 2512-hspa firmware/3.0
- canonical/moxa iologik 2512-hspa
- canonical/moxa iologik 2512-hspa-t firmware
- version/moxa iologik 2512-hspa-t firmware/3.0
- canonical/moxa iologik 2512-hspa-t
- canonical/moxa iologik 2512-wl1-eu firmware
- version/moxa iologik 2512-wl1-eu firmware/3.0
- canonical/moxa iologik 2512-wl1-eu
- canonical/moxa iologik 2512-wl1-eu-t firmware
- version/moxa iologik 2512-wl1-eu-t firmware/3.0
- canonical/moxa iologik 2512-wl1-eu-t
- canonical/moxa iologik 2512-wl1-us firmware
- version/moxa iologik 2512-wl1-us firmware/3.0
- canonical/moxa iologik 2512-wl1-us
- canonical/moxa iologik 2512-wl1-us-t firmware
- version/moxa iologik 2512-wl1-us-t firmware/3.0
- canonical/moxa iologik 2512-wl1-us-t
- canonical/moxa iologik 2512-wl1-jp firmware
- version/moxa iologik 2512-wl1-jp firmware/3.0
- canonical/moxa iologik 2512-wl1-jp
- canonical/moxa iologik 2512-wl1-jp-t firmware
- version/moxa iologik 2512-wl1-jp-t firmware/3.0
- canonical/moxa iologik 2512-wl1-jp-t
- canonical/moxa iologik 2542 firmware
- version/moxa iologik 2542 firmware/3.0
- canonical/moxa iologik 2542
- canonical/moxa iologik 2542-t firmware
- version/moxa iologik 2542-t firmware/3.0
- canonical/moxa iologik 2542-t
- canonical/moxa iologik 2542-hspa firmware
- version/moxa iologik 2542-hspa firmware/3.0
- canonical/moxa iologik 2542-hspa
- canonical/moxa iologik 2542-hspa-t firmware
- version/moxa iologik 2542-hspa-t firmware/3.0
- canonical/moxa iologik 2542-hspa-t
- canonical/moxa iologik 2542-wl1-eu firmware
- version/moxa iologik 2542-wl1-eu firmware/3.0
- canonical/moxa iologik 2542-wl1-eu
- canonical/moxa iologik 2542-wl1-eu-t firmware
- version/moxa iologik 2542-wl1-eu-t firmware/3.0
- canonical/moxa iologik 2542-wl1-eu-t
- canonical/moxa iologik 2542-wl1-us firmware
- version/moxa iologik 2542-wl1-us firmware/3.0
- canonical/moxa iologik 2542-wl1-us
- canonical/moxa iologik 2542-wl1-us-t firmware
- version/moxa iologik 2542-wl1-us-t firmware/3.0
- canonical/moxa iologik 2542-wl1-us-t
- canonical/moxa iologik 2542-wl1-jp firmware
- version/moxa iologik 2542-wl1-jp firmware/3.0
- canonical/moxa iologik 2542-wl1-jp
- canonical/moxa iologik 2542-wl1-jp-t firmware
- version/moxa iologik 2542-wl1-jp-t firmware/3.0
- canonical/moxa iologik 2542-wl1-jp-t