Filtered by vendor Moxa
Subscriptions
Total
287 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3088 | 2 Debian, Moxa | 129 Debian Linux, Aig-301-ap-azu-lx, Aig-301-ap-azu-lx Firmware and 126 more | 2024-08-03 | 7.8 High |
| UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges. | ||||
| CVE-2023-33236 | 1 Moxa | 1 Mxsecurity | 2024-08-02 | 9.8 Critical |
| MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs. | ||||
| CVE-2023-33235 | 1 Moxa | 1 Mxsecurity | 2024-08-02 | 7.2 High |
| MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. | ||||
| CVE-2023-28697 | 1 Moxa | 2 Miineport E1, Miineport E1 Firmware | 2024-08-02 | 9.8 Critical |
| Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service. | ||||
| CVE-2023-6093 | 1 Moxa | 2 Oncell G3150a-lte, Oncell G3150a-lte Firmware | 2024-08-02 | 5.3 Medium |
| A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricts frame objects, which can lead to user confusion about which interface the user is interacting with. This vulnerability may lead the attacker to trick the user into interacting with the application. | ||||
| CVE-2023-5961 | 1 Moxa | 20 Iologik E1210, Iologik E1210 Firmware, Iologik E1211 and 17 more | 2024-08-02 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. | ||||
| CVE-2023-1257 | 1 Moxa | 108 Uc-2101-lx, Uc-2101-lx Firmware, Uc-2102-lx and 105 more | 2024-08-02 | 7.6 High |
| An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system. | ||||