Filtered by vendor Moxa Subscriptions
Total 283 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-4639 1 Moxa 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more 2024-10-10 7.1 High
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
CVE-2023-33237 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2024-10-08 8.8 High
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors. 
CVE-2023-33238 1 Moxa 8 Edr-810, Edr-g9010, Edr-g902 and 5 more 2024-10-08 7.2 High
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
CVE-2023-33239 1 Moxa 9 Edr-810, Edr-g9010, Edr-g902 and 6 more 2024-10-08 8.8 High
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
CVE-2023-34213 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2024-10-08 8.8 High
TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices. 
CVE-2023-34214 1 Moxa 7 Edr-810, Edr-g902, Edr-g903 and 4 more 2024-10-08 7.2 High
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.
CVE-2023-34215 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2024-10-08 7.2 High
TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices. 
CVE-2023-34216 1 Moxa 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more 2024-10-08 8.1 High
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files.
CVE-2023-4227 1 Moxa 3 Iologik 4000 Series, Iologik E4200, Iologik E4200 Firmware 2024-10-02 5.3 Medium
A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device.
CVE-2023-4230 1 Moxa 3 Iologik 4000 Series, Iologik E4200, Iologik E4200 Firmware 2024-10-02 5.3 Medium
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors.
CVE-2023-34217 1 Moxa 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more 2024-10-02 8.1 High
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files.
CVE-2023-4204 1 Moxa 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware 2024-10-01 5.4 Medium
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.
CVE-2023-4228 1 Moxa 2 Iologik E4200, Iologik E4200 Firmware 2024-10-01 3.1 Low
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
CVE-2023-4229 1 Moxa 2 Iologik E4200, Iologik E4200 Firmware 2024-10-01 4.3 Medium
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures.
CVE-2023-39979 1 Moxa 1 Mxsecurity 2024-09-30 9.8 Critical
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.  
CVE-2023-39981 1 Moxa 1 Mxsecurity 2024-09-30 7.5 High
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.
CVE-2023-39982 1 Moxa 1 Mxsecurity 2024-09-30 7.5 High
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.
CVE-2023-39983 1 Moxa 1 Mxsecurity 2024-09-30 5.3 Medium
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.
CVE-2024-6786 1 Moxa 1 Mxview One 2024-09-30 6.5 Medium
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.
CVE-2024-6787 1 Moxa 1 Mxview One 2024-09-30 5.3 Medium
This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses.