Vulnerabilities (CVE)

Filtered by vendor Moxa Subscribe
Total 285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25194 1 Moxa 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware 2024-02-28 6.5 MEDIUM 8.8 HIGH
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.
CVE-2020-28144 1 Moxa 16 Edr-810-2gsfp, Edr-810-2gsfp-t, Edr-810-2gsfp-t Firmware and 13 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.
CVE-2020-25153 1 Moxa 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.
CVE-2020-13536 1 Moxa 1 Mxview 2024-02-28 7.2 HIGH 7.8 HIGH
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality.
CVE-2020-25198 1 Moxa 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware 2024-02-28 6.8 MEDIUM 8.8 HIGH
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies.
CVE-2020-23639 1 Moxa 2 Vport 461, Vport 461 Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers.
CVE-2020-25190 1 Moxa 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.
CVE-2020-25196 1 Moxa 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
CVE-2020-13537 1 Moxa 1 Mxview 2024-02-28 7.2 HIGH 7.8 HIGH
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run.
CVE-2020-25192 1 Moxa 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization.
CVE-2020-6983 1 Moxa 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered.
CVE-2020-6999 1 Moxa 2 Mds-g516e, Mds-g516e Firmware 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.
CVE-2019-18242 1 Moxa 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail.
CVE-2020-12117 1 Moxa 2 Nport 5100a, Nport 5100a Firmware 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect.
CVE-2020-6981 1 Moxa 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication.
CVE-2020-6979 1 Moxa 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.
CVE-2020-7007 1 Moxa 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service.
CVE-2020-6997 1 Moxa 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext.
CVE-2020-7003 1 Moxa 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text.
CVE-2020-6989 1 Moxa 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.