CVE-2017-13701

critical

Published 2017-11-23 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

5.0

VIR risk

9.8

Description

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf

References

http://www.securityfocus.com/bid/101966
https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf
http://www.securityfocus.com/bid/101966
https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.