Cyber Resilience

CVE-2022-27048

High

Published: 15 April 2022

Published
15 April 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0031 54.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-27048 is a high-severity an unspecified weakness vulnerability in Moxa Mgate Mb3170I Firmware. Its CVSS base score is 7.4 (High).

Operationally, ranked in the top 45.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower.…

more

and MGate MB3280 Series Firmware Version 4.1 or lower. and MGate MB3480 Series Firmware Version 3.2 or lower.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

moxa
mgate mb3170i firmware
≤ 4.2
moxa
mgate mb3170i-t firmware
≤ 4.2
moxa
mgate mb3170-m-st firmware
≤ 4.2
moxa
mgate mb3170-m-sc-t firmware
≤ 4.2
moxa
mgate mb3170 firmware
≤ 4.2
moxa
mgate mb3170-t firmware
≤ 4.2
moxa
mgate mb3170-m-sc firmware
≤ 4.2
moxa
mgate mb3170i-s-sc firmware
≤ 4.2
moxa
mgate mb3270i firmware
≤ 4.2
moxa
mgate mb3270i-t firmware
≤ 4.2
+10 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References