CVE-2022-40693 MEDIUM

CVE-2022-40693

Vendor Moxa

Product SDS-3008 Series Industrial Ethernet Switch

Weakness CWE-319 · Cleartext transmission

Published February 7, 2023

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

5.9/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

Key dates

02Disclosure timeline

February 7, 2023 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-40693 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/319.html

Related vulnerabilities

CVE-2022-40693

01Description

02Disclosure timeline

03References

04Related CVE