Filtered by vendor Moxa
Subscribe
Total
285 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-39979 | 1 Moxa | 1 Mxsecurity | 2024-02-28 | N/A | 9.8 CRITICAL |
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values. | |||||
CVE-2023-4452 | 1 Moxa | 16 Edr-810-2gsfp, Edr-810-2gsfp-t, Edr-810-2gsfp-t Firmware and 13 more | 2024-02-28 | N/A | 7.5 HIGH |
A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot. | |||||
CVE-2023-34217 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2024-02-28 | N/A | 8.1 HIGH |
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. | |||||
CVE-2023-4929 | 1 Moxa | 216 Nport 5110, Nport 5110-t, Nport 5110-t Firmware and 213 more | 2024-02-28 | N/A | 8.8 HIGH |
All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices. | |||||
CVE-2023-4228 | 1 Moxa | 2 Iologik E4200, Iologik E4200 Firmware | 2024-02-28 | N/A | 4.3 MEDIUM |
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | |||||
CVE-2023-5035 | 1 Moxa | 2 Eds-g503, Eds-g503 Firmware | 2024-02-28 | N/A | 5.3 MEDIUM |
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | |||||
CVE-2023-4230 | 1 Moxa | 2 Iologik E4200, Iologik E4200 Firmware | 2024-02-28 | N/A | 5.3 MEDIUM |
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors. | |||||
CVE-2023-34216 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2024-02-28 | N/A | 8.1 HIGH |
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. | |||||
CVE-2023-39983 | 1 Moxa | 1 Mxsecurity | 2024-02-28 | N/A | 5.3 MEDIUM |
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application. | |||||
CVE-2023-39980 | 1 Moxa | 1 Mxsecurity | 2024-02-28 | N/A | 8.1 HIGH |
A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands. | |||||
CVE-2023-4204 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. | |||||
CVE-2023-4217 | 1 Moxa | 2 Eds-g503, Eds-g503 Firmware | 2024-02-28 | N/A | 5.3 MEDIUM |
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | |||||
CVE-2023-4229 | 1 Moxa | 2 Iologik E4200, Iologik E4200 Firmware | 2024-02-28 | N/A | 4.7 MEDIUM |
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures. | |||||
CVE-2023-5627 | 1 Moxa | 54 Nport 6150, Nport 6150-t, Nport 6150-t Firmware and 51 more | 2024-02-28 | N/A | 7.5 HIGH |
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. | |||||
CVE-2023-3336 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-02-28 | N/A | 5.3 MEDIUM |
TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users. | |||||
CVE-2023-33235 | 1 Moxa | 1 Mxsecurity | 2024-02-28 | N/A | 8.8 HIGH |
MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. | |||||
CVE-2023-33236 | 1 Moxa | 1 Mxsecurity | 2024-02-28 | N/A | 9.8 CRITICAL |
MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs. | |||||
CVE-2023-28697 | 1 Moxa | 2 Miineport E1, Miineport E1 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service. | |||||
CVE-2022-40693 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | |||||
CVE-2022-40691 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2024-02-28 | N/A | 5.3 MEDIUM |
An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. |