{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9137", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2024-09-24T07:11:35.456Z", "datePublished": "2024-10-14T08:09:22.689Z", "dateUpdated": "2024-10-15T14:32:26.853Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EDR-8010 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EDR-G9004 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EDR-G9010 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EDF-G1002-BP Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NAT-102 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "1.0.5", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "OnCell G4302-LTE4 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.9", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TN-4900 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.6", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lars Haulin"}], "datePublic": "2024-10-14T08:07:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.</p>"}], "value": "The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise."}], "impacts": [{"capecId": "CAPEC-216", "descriptions": [{"lang": "en", "value": "CAPEC-216 Communication Channel Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2024-10-15T07:56:29.135Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.</p><ol><li>EDR-8010 Series: Upgrade to the firmware version 3.13.</li><li>EDR-G9004 Series: Upgrade to the firmware version 3.13.</li><li>EDR-G9010 Series: Upgrade to the firmware version 3.13.</li><li>EDR-G1002-BP Series: Upgrade to the firmware version 3.13.</li><li>NAT-102 Series: Please contact Moxa Technical Support for the security patch.</li><li>ONCell G4302-LTE4 Series: Upgrade to the firmware version 3.13.</li><li>TN-4900 Series: Upgrade to the firmware version 3.13.</li></ol>"}], "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\n\n * EDR-8010 Series: Upgrade to the firmware version 3.13.\n * EDR-G9004 Series: Upgrade to the firmware version 3.13.\n * EDR-G9010 Series: Upgrade to the firmware version 3.13.\n * EDR-G1002-BP Series: Upgrade to the firmware version 3.13.\n * NAT-102 Series: Please contact Moxa Technical Support for the security patch.\n * ONCell G4302-LTE4 Series: Upgrade to the firmware version 3.13.\n * TN-4900 Series: Upgrade to the firmware version 3.13."}], "source": {"discovery": "EXTERNAL"}, "title": "Moxa Service Missing Authentication for Critical Function", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p></p><ul><li>Minimize network exposure to ensure the device is not accessible from the Internet.</li><li>Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.</li><li>Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.</li></ul><p></p>\n\n\n<br>"}], "value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "moxa", "product": "edr-g9010", "cpes": ["cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "3.12.1", "versionType": "custom"}]}, {"vendor": "moxa", "product": "nat-102", "cpes": ["cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "1.0.5", "versionType": "custom"}]}, {"vendor": "moxa", "product": "tn-4900", "cpes": ["cpe:2.3:a:moxa:tn-4900:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "3.6", "versionType": "custom"}]}, {"vendor": "moxa", "product": "oncell_g4302-lte4", "cpes": ["cpe:2.3:a:moxa:oncell_g4302-lte4:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "3.9", "versionType": "custom"}]}, {"vendor": "moxa", "product": "edf-g1002-bp", "cpes": ["cpe:2.3:a:moxa:edf-g1002-bp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "3.12.1", "versionType": "custom"}]}, {"vendor": "moxa", "product": "edr-g9004", "cpes": ["cpe:2.3:a:moxa:edr-g9004:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "3.12.1", "versionType": "custom"}]}, {"vendor": "moxa", "product": "edr-8010", "cpes": ["cpe:2.3:a:moxa:edr-8010:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "3.12.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-14T15:27:27.483068Z", "id": "CVE-2024-9137", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T14:32:26.853Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Moxa Service Missing Authentication for Critical Function", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Lars Haulin"}], "impacts": [{"capecId": "CAPEC-216", "descriptions": [{"lang": "en", "value": "CAPEC-216 Communication Channel Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Moxa", "product": "EDR-8010 Series", "versions": [{"status": "affected", "version": "0", "lessThan": "3.12.1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "EDR-G9004 Series", "versions": [{"status": "affected", "version": "0", "lessThan": "3.12.1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "EDR-G9010 Series", "versions": [{"status": "affected", "version": "0", "lessThan": "3.12.1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "EDF-G1002-BP Series", "versions": [{"status": "affected", "version": "0", "lessThan": "3.12.1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "NAT-102 Series", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "OnCell G4302-LTE4 Series", "versions": [{"status": "affected", "version": "0", "lessThan": "3.9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "TN-4900 Series", "versions": [{"status": "affected", "version": "0", "lessThan": "3.6", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\n\n * EDR-8010 Series: Upgrade to the firmware version 3.13.\n * EDR-G9004 Series: Upgrade to the firmware version 3.13.\n * EDR-G9010 Series: Upgrade to the firmware version 3.13.\n * EDR-G1002-BP Series: Upgrade to the firmware version 3.13.\n * NAT-102 Series: Please contact Moxa Technical Support for the security patch.\n * ONCell G4302-LTE4 Series: Upgrade to the firmware version 3.13.\n * TN-4900 Series: Upgrade to the firmware version 3.13.", "supportingMedia": [{"type": "text/html", "value": "<p>Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.</p><ol><li>EDR-8010 Series: Upgrade to the firmware version 3.13.</li><li>EDR-G9004 Series: Upgrade to the firmware version 3.13.</li><li>EDR-G9010 Series: Upgrade to the firmware version 3.13.</li><li>EDR-G1002-BP Series: Upgrade to the firmware version 3.13.</li><li>NAT-102 Series: Please contact Moxa Technical Support for the security patch.</li><li>ONCell G4302-LTE4 Series: Upgrade to the firmware version 3.13.</li><li>TN-4900 Series: Upgrade to the firmware version 3.13.</li></ol>", "base64": false}]}], "datePublic": "2024-10-14T08:07:00.000Z", "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.", "supportingMedia": [{"type": "text/html", "value": "<p></p><ul><li>Minimize network exposure to ensure the device is not accessible from the Internet.</li><li>Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.</li><li>Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.</li></ul><p></p>\n\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.", "supportingMedia": [{"type": "text/html", "value": "<p>The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2024-10-14T08:56:54.064Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9137", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-14T15:27:27.483068Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "edr-g9010", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.12.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "nat-102", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "1.0.5"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:moxa:tn-4900:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "tn-4900", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.6"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:moxa:oncell_g4302-lte4:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "oncell_g4302-lte4", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.9"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:moxa:edf-g1002-bp:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "edf-g1002-bp", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.12.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:moxa:edr-g9004:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "edr-g9004", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.12.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:moxa:edr-8010:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "edr-8010", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.12.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-10-15T14:32:04.043Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-9137", "state": "PUBLISHED", "dateUpdated": "2024-10-14T08:56:54.064Z", "dateReserved": "2024-09-24T07:11:35.456Z", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "datePublished": "2024-10-14T08:09:22.689Z", "assignerShortName": "Moxa"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise."}, {"lang": "es", "value": "El producto afectado carece de una comprobaci\u00f3n de autenticaci\u00f3n al enviar comandos al servidor a trav\u00e9s del servicio Moxa. Esta vulnerabilidad permite a un atacante ejecutar comandos espec\u00edficos, lo que puede provocar descargas o cargas no autorizadas de archivos de configuraci\u00f3n y comprometer el sistema."}], "id": "CVE-2024-9137", "lastModified": "2024-10-15T12:57:46.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.5, "source": "psirt@moxa.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "HIGH"}, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2024-10-14T09:15:04.403", "references": [{"source": "psirt@moxa.com", "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "psirt@moxa.com", "type": "Secondary"}]}

{}