Detections
Analytics
Moxa EDS Ethernet Switches Uncontrolled Resource Consumption (CVE-2019-19707)
high Tenable OT Security Plugin ID 501516
Synopsis
The remote OT asset is affected by a vulnerability.Description
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Moxa has developed a patch to address the vulnerability. Users can contact Moxa Technical Support (logon required) for the security patch. Users can also view Moxa’s security advisory published on this vulnerability.
See Also
http://www.nessus.org/u?c2924a52
https://www.cisa.gov/news-events/ics-advisories/icsa-19-353-01
Plugin Details
Severity: High
ID: 501516
Version: 1.4
Type: remote
Family: Tenable.ot
Published: 8/2/2023
Updated: 3/4/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2019-19707
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:moxa:eds-g508e_firmware, cpe:/o:moxa:eds-g512e_firmware, cpe:/o:moxa:eds-g516e_firmware
Required KB Items: Tenable.ot/Moxa
Exploit Ease: No known exploits are available
Patch Publication Date: 12/11/2019
Vulnerability Publication Date: 12/11/2019
Reference Information
CVE: CVE-2019-19707