Filtered by vendor Moxa
Subscribe
Total
276 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6094 | 1 Moxa | 2 Oncell G3150a-lte, Oncell G3150a-lte Firmware | 2024-01-09 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target. | |||||
| CVE-2023-6093 | 1 Moxa | 2 Oncell G3150a-lte, Oncell G3150a-lte Firmware | 2024-01-08 | N/A | 6.1 MEDIUM |
| A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricts frame objects, which can lead to user confusion about which interface the user is interacting with. This vulnerability may lead the attacker to trick the user into interacting with the application. | |||||
| CVE-2023-5962 | 1 Moxa | 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more | 2024-01-03 | N/A | 6.5 MEDIUM |
| A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. | |||||
| CVE-2023-5961 | 1 Moxa | 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more | 2023-12-28 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. | |||||
| CVE-2023-5035 | 1 Moxa | 2 Eds-g503, Eds-g503 Firmware | 2023-11-09 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | |||||
| CVE-2023-4217 | 1 Moxa | 2 Eds-g503, Eds-g503 Firmware | 2023-11-09 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | |||||
| CVE-2023-4452 | 1 Moxa | 16 Edr-810-2gsfp, Edr-810-2gsfp-t, Edr-810-2gsfp-t Firmware and 13 more | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot. | |||||
| CVE-2023-5627 | 1 Moxa | 54 Nport 6150, Nport 6150-t, Nport 6150-t Firmware and 51 more | 2023-11-09 | N/A | 7.5 HIGH |
| A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. | |||||
| CVE-2023-1257 | 1 Moxa | 108 Uc-2101-lx, Uc-2101-lx Firmware, Uc-2102-lx and 105 more | 2023-11-07 | N/A | 6.8 MEDIUM |
| An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system. | |||||
| CVE-2022-3086 | 1 Moxa | 100 Uc-2101-lx, Uc-2101-lx Firmware, Uc-2102-lx and 97 more | 2023-11-07 | N/A | 7.6 HIGH |
| Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-27185 | 1 Moxa | 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service. | |||||
| CVE-2020-27184 | 1 Moxa | 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks. | |||||
| CVE-2020-27150 | 1 Moxa | 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set. | |||||
| CVE-2020-27149 | 1 Moxa | 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed. | |||||
| CVE-2023-4929 | 1 Moxa | 216 Nport 5110, Nport 5110-t, Nport 5110-t Firmware and 213 more | 2023-10-06 | N/A | 8.8 HIGH |
| All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices. | |||||
| CVE-2023-39983 | 1 Moxa | 1 Mxsecurity | 2023-09-08 | N/A | 5.3 MEDIUM |
| A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application. | |||||
| CVE-2023-39982 | 1 Moxa | 1 Mxsecurity | 2023-09-08 | N/A | 5.9 MEDIUM |
| A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic. | |||||
| CVE-2023-39981 | 1 Moxa | 1 Mxsecurity | 2023-09-07 | N/A | 7.5 HIGH |
| A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker. | |||||
| CVE-2023-39980 | 1 Moxa | 1 Mxsecurity | 2023-09-07 | N/A | 8.1 HIGH |
| A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands. | |||||
| CVE-2023-39979 | 1 Moxa | 1 Mxsecurity | 2023-09-07 | N/A | 9.8 CRITICAL |
| There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values. | |||||