Vulnerabilities (CVE)

Filtered by vendor Moxa Subscribe
Total 285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-5962 1 Moxa 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more 2024-10-28 N/A 6.5 MEDIUM
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.
CVE-2023-39982 1 Moxa 1 Mxsecurity 2024-10-28 N/A 5.9 MEDIUM
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.
CVE-2023-4227 1 Moxa 2 Iologik E4200, Iologik E4200 Firmware 2024-10-28 N/A 6.5 MEDIUM
A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device.
CVE-2023-39981 1 Moxa 1 Mxsecurity 2024-10-28 N/A 7.5 HIGH
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.
CVE-2023-34215 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2024-10-28 N/A 9.8 CRITICAL
TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices.
CVE-2023-34214 1 Moxa 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more 2024-10-28 N/A 9.8 CRITICAL
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.
CVE-2023-34213 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2024-10-28 N/A 9.8 CRITICAL
TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
CVE-2023-33239 1 Moxa 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more 2024-10-28 N/A 9.8 CRITICAL
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
CVE-2023-33238 1 Moxa 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more 2024-10-28 N/A 9.8 CRITICAL
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
CVE-2023-33237 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2024-10-28 N/A 8.8 HIGH
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors.
CVE-2024-4739 1 Moxa 1 Mxsecurity 2024-10-22 N/A 7.5 HIGH
The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.
CVE-2024-4740 1 Moxa 1 Mxsecurity 2024-10-18 N/A 7.5 HIGH
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.
CVE-2024-4639 1 Moxa 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more 2024-10-10 N/A 8.8 HIGH
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
CVE-2024-6786 1 Moxa 1 Mxview One 2024-09-30 N/A 6.5 MEDIUM
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.
CVE-2024-6787 1 Moxa 1 Mxview One 2024-09-30 N/A 5.9 MEDIUM
This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses.
CVE-2024-6785 1 Moxa 2 Mxview One, Mxview One Central Manager 2024-09-27 N/A 7.1 HIGH
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure.
CVE-2024-4638 1 Moxa 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more 2024-09-24 N/A 8.8 HIGH
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
CVE-2024-4641 1 Moxa 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more 2024-09-18 N/A 9.8 CRITICAL
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.
CVE-2024-4640 1 Moxa 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more 2024-09-18 N/A 8.2 HIGH
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.
CVE-2023-6094 1 Moxa 2 Oncell G3150a-lte, Oncell G3150a-lte Firmware 2024-02-28 N/A 5.3 MEDIUM
A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.