CVE-2022-40224 MEDIUM

CVE-2022-40224

Vendor Moxa
Product SDS-3008 Series Industrial Ethernet Switch
Weakness CWE-410
Published February 7, 2023
Last update March 5, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Key dates

02Disclosure timeline

February 7, 2023 CVE published
March 5, 2025 Record updated