Filtered by vendor Moxa Subscriptions
Total 287 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5961 1 Moxa 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more 2024-11-27 8.8 High
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.
CVE-2024-4641 1 Moxa 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more 2024-11-21 6.3 Medium
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.
CVE-2024-4640 1 Moxa 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more 2024-11-21 7.1 High
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.
CVE-2024-4639 1 Moxa 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more 2024-11-21 7.1 High
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
CVE-2024-4638 1 Moxa 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more 2024-11-21 7.1 High
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
CVE-2023-6094 1 Moxa 2 Oncell G3150a-lte, Oncell G3150a-lte Firmware 2024-11-21 5.3 Medium
A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.
CVE-2023-6093 1 Moxa 2 Oncell G3150a-lte, Oncell G3150a-lte Firmware 2024-11-21 5.3 Medium
A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricts frame objects, which can lead to user confusion about which interface the user is interacting with. This vulnerability may lead the attacker to trick the user into interacting with the application.
CVE-2023-5962 1 Moxa 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more 2024-11-21 6.5 Medium
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.
CVE-2023-5627 1 Moxa 54 Nport 6150, Nport 6150-t, Nport 6150-t Firmware and 51 more 2024-11-21 7.5 High
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.
CVE-2023-5035 1 Moxa 2 Eds-g503, Eds-g503 Firmware 2024-11-21 3.1 Low
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
CVE-2023-4929 1 Moxa 227 Nport 5100, Nport 5100a, Nport 5100ai M12 and 224 more 2024-11-21 6.5 Medium
All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.
CVE-2023-4452 1 Moxa 16 Edr-810-2gsfp, Edr-810-2gsfp-t, Edr-810-2gsfp-t Firmware and 13 more 2024-11-21 6.5 Medium
A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.
CVE-2023-4230 1 Moxa 3 Iologik 4000 Series, Iologik E4200, Iologik E4200 Firmware 2024-11-21 5.3 Medium
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors.
CVE-2023-4229 1 Moxa 2 Iologik E4200, Iologik E4200 Firmware 2024-11-21 4.3 Medium
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures.
CVE-2023-4228 1 Moxa 2 Iologik E4200, Iologik E4200 Firmware 2024-11-21 3.1 Low
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
CVE-2023-4227 1 Moxa 3 Iologik 4000 Series, Iologik E4200, Iologik E4200 Firmware 2024-11-21 5.3 Medium
A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device.
CVE-2023-4217 1 Moxa 2 Eds-g503, Eds-g503 Firmware 2024-11-21 3.1 Low
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
CVE-2023-4204 1 Moxa 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware 2024-11-21 5.4 Medium
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.
CVE-2023-3336 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2024-11-21 5.3 Medium
TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.
CVE-2023-39983 1 Moxa 1 Mxsecurity 2024-11-21 5.3 Medium
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.