MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.
Fixes

Solution

Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below. * MXsecurity: Please upgrade to the firmware version 2.2.0 or higher via the Moxa Software Licensing Portal https://netsecuritylicense.moxa.com/Account/Login


Workaround

* Minimize network exposure to ensure the device is not accessible from the Internet. * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). * The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.

History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00092}

epss

{'score': 0.00095}


Fri, 18 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Moxa
Moxa mxsecurity
CPEs cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*
Vendors & Products Moxa
Moxa mxsecurity
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 18 Oct 2024 08:45:00 +0000

Type Values Removed Values Added
Description MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.
Title MXsecurity Use of Hard-coded Credentials
Weaknesses CWE-798
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Moxa

Published:

Updated: 2024-10-18T14:38:21.017Z

Reserved: 2024-05-10T09:05:35.936Z

Link: CVE-2024-4740

cve-icon Vulnrichment

Updated: 2024-10-18T14:38:16.582Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-18T09:15:04.237

Modified: 2024-10-18T15:13:42.123

Link: CVE-2024-4740

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.