Filtered by vendor Moxa
Subscribe
Total
276 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7003 | 1 Moxa | 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more | 2020-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text. | |||||
| CVE-2020-7007 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2020-03-25 | 10.0 HIGH | 9.8 CRITICAL |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service. | |||||
| CVE-2019-9099 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2020-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2). | |||||
| CVE-2019-9096 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2020-03-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords. | |||||
| CVE-2019-9097 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2020-03-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service. | |||||
| CVE-2019-9098 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2020-03-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. | |||||
| CVE-2019-9101 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2020-03-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. | |||||
| CVE-2019-9103 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2020-03-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization. | |||||
| CVE-2020-8858 | 1 Moxa | 4 Mgate 5105-mb-eip, Mgate 5105-mb-eip-t, Mgate 5105-mb-eip-t Firmware and 1 more | 2020-02-19 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9552. | |||||
| CVE-2016-5819 | 1 Moxa | 10 Oncell G3100v2, Oncell G3100v2 Firmware, Oncell G3111 and 7 more | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server. | |||||
| CVE-2019-19707 | 1 Moxa | 6 Eds-g508e, Eds-g508e Firmware, Eds-g512e and 3 more | 2019-12-17 | 7.8 HIGH | 7.5 HIGH |
| On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets. | |||||
| CVE-2019-10969 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2019-10-23 | 6.5 MEDIUM | 7.2 HIGH |
| Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. | |||||
| CVE-2018-5455 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions. | |||||
| CVE-2018-5453 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable. | |||||
| CVE-2018-5449 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2019-10-09 | 3.3 LOW | 6.5 MEDIUM |
| A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack. | |||||
| CVE-2018-10632 | 1 Moxa | 6 Nport 5210, Nport 5210 Firmware, Nport 5230 and 3 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition. | |||||
| CVE-2017-7917 | 1 Moxa | 12 Oncell 5004-hspa, Oncell 5004-hspa Firmware, Oncell 5104-hsdpa and 9 more | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device. | |||||
| CVE-2017-7915 | 1 Moxa | 12 Oncell 5004-hspa, Oncell 5004-hspa Firmware, Oncell 5104-hsdpa and 9 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication. | |||||
| CVE-2017-7913 | 1 Moxa | 12 Oncell 5004-hspa, Oncell 5004-hspa Firmware, Oncell 5104-hsdpa and 9 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext. | |||||
| CVE-2017-5170 | 1 Moxa | 1 Softnvr-ia Live View | 2019-10-09 | 6.5 MEDIUM | 7.2 HIGH |
| An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application. | |||||