CVE-2020-6993

high-risk
Published 2020-03-24

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization.

Do I need to act?

-
0.42% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Pt-7528-24Tx-Hv Firmware
Pt-7528-24Tx-Hv-Hv Firmware
Pt-7528-24Tx-Wv Firmware
Pt-7528-24Tx-Wv-Hv Firmware
Pt-7528-24Tx-Wv-Wv Firmware
Pt-7528-12Msc-12Tx-4Gsfp-Hv Firmware
Pt-7528-12Msc-12Tx-4Gsfp-Hv-Hv Firmware
Pt-7528-12Msc-12Tx-4Gsfp-Wv Firmware
Pt-7528-12Msc-12Tx-4Gsfp-Wv-Wv Firmware
Pt-7528-12Mst-12Tx-4Gsfp-Hv Firmware
Pt-7528-12Mst-12Tx-4Gsfp-Hv-Hv Firmware
Pt-7528-12Mst-12Tx-4Gsfp-Wv Firmware
Pt-7528-12Mst-12Tx-4Gsfp-Wv-Wv Firmware
Pt-7528-16Msc-8Tx-4Gsfp-Hv Firmware
Pt-7528-16Msc-8Tx-4Gsfp-Hv-Hv Firmware
Pt-7528-16Msc-8Tx-4Gsfp-Wv Firmware
Pt-7528-16Msc-8Tx-4Gsfp-Wv-Wv Firmware
Pt-7528-16Mst-8Tx-4Gsfp-Hv Firmware
Pt-7528-16Mst-8Tx-4Gsfp-Hv-Hv Firmware
Pt-7528-16Mst-8Tx-4Gsfp-Wv Firmware

Affected Vendors

Moxa

References (2)

Third Party Advisory https://www.us-cert.gov/ics/advisories/icsa-20-056-03
Third Party Advisory https://www.us-cert.gov/ics/advisories/icsa-20-056-03
54
/ 100
high-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 26/34 · High