{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4740", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2024-05-10T09:05:35.936Z", "datePublished": "2024-10-18T08:21:15.659Z", "dateUpdated": "2024-10-18T14:38:21.017Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MXsecurity Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "1.1.0", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Sean Cai"}, {"lang": "en", "type": "finder", "value": "Chris Huang"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data."}], "value": "MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data."}], "impacts": [{"capecId": "CAPEC-191", "descriptions": [{"lang": "en", "value": "CAPEC-191: Read Sensitive Constants Within an Executable"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2024-10-18T08:21:15.659Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.</p><ul><li><p>MXsecurity: Please upgrade to the firmware version 2.2.0 or higher via the <a target=\"_blank\" rel=\"nofollow\" href=\"https://netsecuritylicense.moxa.com/Account/Login\">Moxa Software Licensing Portal</a>&nbsp;</p></li></ul>"}], "value": "Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.\n\n * MXsecurity: Please upgrade to the firmware version 2.2.0 or higher via the Moxa Software Licensing Portal https://netsecuritylicense.moxa.com/Account/Login"}], "source": {"discovery": "EXTERNAL"}, "title": "MXsecurity Use of Hard-coded Credentials", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><ul><li><p>Minimize network exposure to ensure the device is not accessible from the Internet. </p></li></ul></div><div><ul><li><p>When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). </p></li></ul></div><div><ul><li><p>The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.\u202f&nbsp;</p></li></ul></div>"}], "value": "* Minimize network exposure to ensure the device is not accessible from the Internet. \n\n\n\n\n\n\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \n\n\n\n\n\n\n * The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "moxa", "product": "mxsecurity", "cpes": ["cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "1.1.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-18T14:36:04.335600Z", "id": "CVE-2024-4740", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T14:38:21.017Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4740", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-18T14:36:04.335600Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "mxsecurity", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "1.1.0"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T14:38:16.582Z"}}], "cna": {"title": "MXsecurity Use of Hard-coded Credentials", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Sean Cai"}, {"lang": "en", "type": "finder", "value": "Chris Huang"}], "impacts": [{"capecId": "CAPEC-191", "descriptions": [{"lang": "en", "value": "CAPEC-191: Read Sensitive Constants Within an Executable"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Moxa", "product": "MXsecurity Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "1.1.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.\n\n * MXsecurity: Please upgrade to the firmware version 2.2.0 or higher via the Moxa Software Licensing Portal https://netsecuritylicense.moxa.com/Account/Login", "supportingMedia": [{"type": "text/html", "value": "<p>Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.</p><ul><li><p>MXsecurity: Please upgrade to the firmware version 2.2.0 or higher via the <a target=\"_blank\" rel=\"nofollow\" href=\"https://netsecuritylicense.moxa.com/Account/Login\">Moxa Software Licensing Portal</a>&nbsp;</p></li></ul>", "base64": false}]}], "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "* Minimize network exposure to ensure the device is not accessible from the Internet. \n\n\n\n\n\n\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \n\n\n\n\n\n\n * The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.", "supportingMedia": [{"type": "text/html", "value": "<div><ul><li><p>Minimize network exposure to ensure the device is not accessible from the Internet. </p></li></ul></div><div><ul><li><p>When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). </p></li></ul></div><div><ul><li><p>The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.\u202f&nbsp;</p></li></ul></div>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.", "supportingMedia": [{"type": "text/html", "value": "MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2024-10-18T08:21:15.659Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4740", "state": "PUBLISHED", "dateUpdated": "2024-10-18T14:38:21.017Z", "dateReserved": "2024-05-10T09:05:35.936Z", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "datePublished": "2024-10-18T08:21:15.659Z", "assignerShortName": "Moxa"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*", "matchCriteriaId": "B684EB4B-A888-4494-BAC5-09DD44216846", "versionEndIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data."}, {"lang": "es", "value": "Las versiones v1.1.0 y anteriores del software MXsecurity son vulnerables debido al uso de credenciales codificadas. Esta vulnerabilidad podr\u00eda permitir que un atacante altere datos confidenciales."}], "id": "CVE-2024-4740", "lastModified": "2024-10-18T15:13:42.123", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2024-10-18T09:15:04.237", "references": [{"source": "psirt@moxa.com", "tags": ["Vendor Advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "psirt@moxa.com", "type": "Secondary"}]}

{}