Filtered by vendor Moxa
Subscribe
Total
276 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4230 | 1 Moxa | 2 Iologik E4200, Iologik E4200 Firmware | 2023-09-01 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors. | |||||
| CVE-2023-4227 | 1 Moxa | 2 Iologik E4200, Iologik E4200 Firmware | 2023-08-29 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device. | |||||
| CVE-2023-4228 | 1 Moxa | 2 Iologik E4200, Iologik E4200 Firmware | 2023-08-29 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | |||||
| CVE-2023-4229 | 1 Moxa | 2 Iologik E4200, Iologik E4200 Firmware | 2023-08-29 | N/A | 4.7 MEDIUM |
| A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures. | |||||
| CVE-2023-4204 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2023-08-24 | N/A | 9.8 CRITICAL |
| NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. | |||||
| CVE-2023-34217 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2023-08-23 | N/A | 8.1 HIGH |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. | |||||
| CVE-2023-34215 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2023-08-23 | N/A | 9.8 CRITICAL |
| TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices. | |||||
| CVE-2023-34216 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2023-08-23 | N/A | 8.1 HIGH |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. | |||||
| CVE-2023-33238 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2023-08-22 | N/A | 9.8 CRITICAL |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices. | |||||
| CVE-2023-33237 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2023-08-22 | N/A | 8.8 HIGH |
| TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors. | |||||
| CVE-2023-34214 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2023-08-22 | N/A | 9.8 CRITICAL |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. | |||||
| CVE-2023-34213 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2023-08-22 | N/A | 9.8 CRITICAL |
| TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices. | |||||
| CVE-2023-33239 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2023-08-22 | N/A | 9.8 CRITICAL |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices. | |||||
| CVE-2021-46559 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection. | |||||
| CVE-2023-3336 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2023-07-10 | N/A | 5.3 MEDIUM |
| TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users. | |||||
| CVE-2021-32974 | 1 Moxa | 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more | 2023-06-26 | 10.0 HIGH | 9.8 CRITICAL |
| Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. | |||||
| CVE-2023-33235 | 1 Moxa | 1 Mxsecurity | 2023-05-30 | N/A | 8.8 HIGH |
| MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. | |||||
| CVE-2023-33236 | 1 Moxa | 1 Mxsecurity | 2023-05-30 | N/A | 9.8 CRITICAL |
| MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs. | |||||
| CVE-2023-28697 | 1 Moxa | 2 Miineport E1, Miineport E1 Firmware | 2023-05-05 | N/A | 9.8 CRITICAL |
| Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service. | |||||
| CVE-2018-10690 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2023-02-28 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials. | |||||