Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-4503

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-12 Jul, 2016 | 01:00
Updated At-06 Aug, 2024 | 00:32
Rejected At-
Credits

Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:12 Jul, 2016 | 01:00
Updated At:06 Aug, 2024 | 00:32
Rejected At:
▼CVE Numbering Authority (CNA)

Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02
x_refsource_MISC
http://www.securityfocus.com/bid/91670
vdb-entry
x_refsource_BID
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/91670
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/91670
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/91670
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:12 Jul, 2016 | 02:00
Updated At:06 May, 2026 | 22:30

Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Moxa Inc.
moxa
>>device_server_web_console_5232-n_firmware>>-
cpe:2.3:o:moxa:device_server_web_console_5232-n_firmware:-:*:*:*:*:*:*:*
Moxa Inc.
moxa
>>device_server_web_console_5232-n>>-
cpe:2.3:h:moxa:device_server_web_console_5232-n:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/91670ics-cert@hq.dhs.gov
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/91670af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/91670
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/91670
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

1113Records found
CVE-2016-9361
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-49.58% / 97.86%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-nport_5450a1-m12-tnport_5100a_series_firmwarenport_5150a1-m12nport_5410nport_5630nport_5250a1-m12-ctnport_5430nport_5450-tnport_5450a1-m12nport_6100_series_firmwarenport_5232inport_5250a1-m12-tnport_5130nport_5200_series_firmwarenport_5230anport_5600-8-dtl_series_firmwarenport_5232nport_5610-8-dtlnport_5250anport_5210nport_5650nport_p5150a_series_firmwarenport_5400_series_firmwarenport_6150-tnport_5450i-tnport_5450a1-m12-ct-tnport_5250a1-m12-ct-tnport_5250a1-m12nport_5600_series_firmwarenport_5x50a1-m12_series_firmwarenport_5150anport_5150a1-m12-ct-tnport_p5110anport_5110nport_5430inport_5130anport_5150a1-m12-tnport_5100_series_firmwarenport_5450a1-m12-ctnport_5650-8-dtlnport_5650i-8-dtlnport_6150nport_5150nport_5450inport_5450nport_5210anport_5200a_series_firmwarenport_5230nport_5110anport_5150a1-m12-ctnport_5610Moxa NPort
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2016-9369
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-7.40% / 91.90%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-nport_5450a1-m12-tnport_5100a_series_firmwarenport_5150a1-m12nport_5410nport_5630nport_5250a1-m12-ctnport_5430nport_5450-tnport_5450a1-m12nport_6100_series_firmwarenport_5232inport_5250a1-m12-tnport_5130nport_5200_series_firmwarenport_5230anport_5600-8-dtl_series_firmwarenport_5232nport_5610-8-dtlnport_5250anport_5210nport_5650nport_p5150a_series_firmwarenport_5400_series_firmwarenport_6150-tnport_5450i-tnport_5450a1-m12-ct-tnport_5250a1-m12-ct-tnport_5250a1-m12nport_5600_series_firmwarenport_5x50a1-m12_series_firmwarenport_5150anport_5150a1-m12-ct-tnport_p5110anport_5110nport_5430inport_5130anport_5150a1-m12-tnport_5100_series_firmwarenport_5450a1-m12-ctnport_5650-8-dtlnport_5650i-8-dtlnport_6150nport_5150nport_5450inport_5450nport_5210anport_5200a_series_firmwarenport_5230nport_5110anport_5150a1-m12-ctnport_5610Moxa NPort
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2016-2286
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.77% / 73.86%
||
7 Day CHG~0.00%
Published-31 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-miineport_e1_7080_firmwaremiineport_e2_4561_firmwaremiineport_e2_1242_firmwaremiineport_e1_4641miineport_e3_firmwaremiineport_e1_7080miineport_e1_4641_firmwaremiineport_e3miineport_e2_4561miineport_e2_1242n/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-12117
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 29.87%
||
7 Day CHG~0.00%
Published-01 May, 2020 | 13:41
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-nport_5100anport_5100a_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-28697
Matching Score-8
Assigner-TWCERT/CC
ShareView Details
Matching Score-8
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 72.37%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 00:00
Updated-31 Jan, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moxa MiiNePort E1 - Broken Access Control

Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.

Action-Not Available
Vendor-Moxa Inc.
Product-miineport_e1_firmwaremiineport_e1MiiNePort E1
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-9099
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.09% / 92.82%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 14:27
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2).

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mb3180_firmwaremb3270_firmwaremb3480_firmwaremb3270mb3170_firmwaremb3660mb3170mb3280mb3660_firmwaremb3480mb3180mb3280_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-9096
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 59.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 14:27
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mb3180_firmwaremb3270_firmwaremb3480_firmwaremb3270mb3170_firmwaremb3660mb3170mb3280mb3660_firmwaremb3480mb3180mb3280_firmwaren/a
CWE ID-CWE-521
Weak Password Requirements
CVE-2019-9104
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.05%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 14:27
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mb3180_firmwaremb3270_firmwaremb3480_firmwaremb3270mb3170_firmwaremb3660mb3170mb3280mb3660_firmwaremb3480mb3180mb3280_firmwaren/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-9095
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.15% / 35.98%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 14:27
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mb3180_firmwaremb3270_firmwaremb3480_firmwaremb3270mb3170_firmwaremb3660mb3170mb3280mb3660_firmwaremb3480mb3180mb3280_firmwaren/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-6563
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 33.37%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 21:00
Updated-16 Sep, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.

Action-Not Available
Vendor-ICS-CERTMoxa Inc.
Product-eds-510aeds-408a_firmwareeds-408aeds-510a_firmwareiks-g6824aeds-405a_firmwareiks-g6824a_firmwareeds-405aMoxa IKS, EDS
CWE ID-CWE-341
Predictable from Observable State
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-2019-6518
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.11% / 28.42%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 21:00
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.

Action-Not Available
Vendor-ICS-CERTMoxa Inc.
Product-eds-510aeds-408a_firmwareeds-408aeds-510a_firmwareiks-g6824aeds-405a_firmwareiks-g6824a_firmwareeds-405aMoxa IKS, EDS
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2019-6557
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-6.91% / 91.58%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 21:00
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.

Action-Not Available
Vendor-ICS-CERTMoxa Inc.
Product-eds-510aeds-408a_firmwareeds-408aeds-510a_firmwareiks-g6824aeds-405a_firmwareiks-g6824a_firmwareeds-405aMoxa IKS, EDS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-6524
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.24%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 21:00
Updated-16 Sep, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.

Action-Not Available
Vendor-ICS-CERTMoxa Inc.
Product-eds-510aeds-408a_firmwareeds-408aeds-510a_firmwareiks-g6824aeds-405a_firmwareiks-g6824a_firmwareeds-405aMoxa IKS, EDS
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2019-6526
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.15%
||
7 Day CHG~0.00%
Published-12 Apr, 2019 | 20:11
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password.

Action-Not Available
Vendor-Moxa Inc.
Product-eds-510aeds-408a_firmwareeds-408aeds-510a_firmwareiks-g6824aeds-405a_firmwareiks-g6824a_firmwareeds-405aIKS, EDS
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-5137
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.48% / 65.50%
||
7 Day CHG~0.00%
Published-25 Feb, 2020 | 15:38
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-awk-3131aawk-3131a_firmwareMoxa
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2017-16715
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.6||HIGH
EPSS-0.24% / 48.04%
||
7 Day CHG~0.00%
Published-16 Nov, 2017 | 21:00
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-nport_5150nport_5130_firmwarenport_5110_firmwarenport_5130nport_5110nport_5150_firmwareMoxa NPort 5110, 5130, and 5150
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13698
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 59.28%
||
7 Day CHG~0.00%
Published-23 Nov, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g512eeds-g512e_firmwaren/a
CVE-2017-13699
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.98%
||
7 Day CHG~0.00%
Published-23 Nov, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g512eeds-g512e_firmwaren/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-13701
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 61.20%
||
7 Day CHG~0.00%
Published-23 Nov, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g512eeds-g512e_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13702
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 58.21%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g512eeds-g512e_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-12128
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-3.04% / 86.95%
||
7 Day CHG~0.00%
Published-14 May, 2018 | 20:00
Updated-16 Sep, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability.

Action-Not Available
Vendor-Moxa Inc.Talos (Cisco Systems, Inc.)
Product-edr-810_firmwareedr-810Moxa
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8722
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 59.08%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.

Action-Not Available
Vendor-Moxa Inc.
Product-awk-3131a_firmwareawk-3131aAWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8724
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-3.21% / 87.27%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information.

Action-Not Available
Vendor-Moxa Inc.
Product-awk-3131a_firmwareawk-3131aAWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-9344
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.32%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-miineport_e2_firmwaremiineport_e1_firmwaremiineport_e2miineport_e3_firmwaremiineport_e3miineport_e1Moxa MiiNePort
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-8725
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 59.08%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.

Action-Not Available
Vendor-Moxa Inc.
Product-awk-3131a_firmwareawk-3131aAWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8727
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.50% / 66.18%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker.

Action-Not Available
Vendor-Moxa Inc.
Product-awk-3131a_firmwareawk-3131aAWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8346
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.98%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION).

Action-Not Available
Vendor-n/aMoxa Inc.
Product-edr-810-vpnedr-810edr-810_firmwareMoxa EDR-810 Industrial Secure Router
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-8717
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.35% / 57.96%
||
7 Day CHG~0.00%
Published-02 Apr, 2018 | 17:00
Updated-16 Sep, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices.

Action-Not Available
Vendor-Moxa Inc.Talos (Cisco Systems, Inc.)
Product-awk-3131aawk-3131a_firmwareMoxa
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2016-9366
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.96%
||
7 Day CHG-0.02%
Published-13 Feb, 2017 | 21:00
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-nport_5450a1-m12-tnport_5100a_series_firmwarenport_5150a1-m12nport_5410nport_5630nport_5250a1-m12-ctnport_5430nport_5450-tnport_5450a1-m12nport_6100_series_firmwarenport_5232inport_5250a1-m12-tnport_5130nport_5200_series_firmwarenport_5230anport_5600-8-dtl_series_firmwarenport_5232nport_5610-8-dtlnport_5250anport_5210nport_5650nport_p5150a_series_firmwarenport_5400_series_firmwarenport_6150-tnport_5450i-tnport_5450a1-m12-ct-tnport_5250a1-m12-ct-tnport_5250a1-m12nport_5600_series_firmwarenport_5x50a1-m12_series_firmwarenport_5150anport_5150a1-m12-ct-tnport_p5110anport_5110nport_5430inport_5130anport_5150a1-m12-tnport_5100_series_firmwarenport_5450a1-m12-ctnport_5650-8-dtlnport_5650i-8-dtlnport_6150nport_5150nport_5450inport_5450nport_5210anport_5200a_series_firmwarenport_5230nport_5110anport_5150a1-m12-ctnport_5610Moxa NPort
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2016-9346
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.73%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-miineport_e2_firmwaremiineport_e1_firmwaremiineport_e2miineport_e3_firmwaremiineport_e3miineport_e1Moxa MiiNePort
CVE-2021-4161
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 31.48%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 18:48
Updated-16 Sep, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ICSA-21-357-01 Moxa MGate Protocol Gateways

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.

Action-Not Available
Vendor-Moxa Inc.
Product-mgate_mb3280_firmwaremgate_mb3280mgate_mb3180_firmwaremgate_mb3180mgate_mb3480_firmwaremgate_mb3480MGate MB3280 SeriesMGate MB3180 SeriesMGate MB3480 Series
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-40392
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 34.97%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability.

Action-Not Available
Vendor-Moxa Inc.
Product-mxviewMXView Series
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-40390
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.33% / 56.03%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-Moxa Inc.
Product-mxviewMXView Series
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-38456
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.92%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 13:37
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moxa MXview Network Management Software

A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords

Action-Not Available
Vendor-Moxa Inc.
Product-mxviewMXview Network Management Software
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-38460
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.64% / 70.88%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 13:38
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moxa MXview Network Management Software

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

Action-Not Available
Vendor-Moxa Inc.
Product-mxviewMXview Network Management Software
CWE ID-CWE-523
Unprotected Transport of Credentials
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-4712
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5||MEDIUM
EPSS-0.83% / 74.93%
||
7 Day CHG~0.00%
Published-15 Feb, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-edr-g903_firmwareedr-g903n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-38458
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 74.80%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 13:38
Updated-16 Sep, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moxa MXview Network Management Software

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

Action-Not Available
Vendor-Moxa Inc.
Product-mxviewMXview Network Management Software
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-32974
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 75.14%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-16 Apr, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation

Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.

Action-Not Available
Vendor-Moxa Inc.
Product-nport_iaw5150a-12i\/o_firmwarenport_iaw5250a-6i\/onport_iaw5150a-6i\/o_firmwarenport_iaw5150a-6i\/onport_iaw5250a-6i\/o_firmwarenport_iaw5250a-12i\/onport_iaw5150a-12i\/onport_iaw5250a-12i\/o_firmwareNPort IAW5000A-I/O series firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-5804
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.22%
||
7 Day CHG~0.00%
Published-15 Jul, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mgate_mb3280_firmwaremgate_mb3480_firmwaremgate_mb3480mgate_mb3170_firmwaremgate_mb3170mgate_mb3180mgate_mb3280mgate_mb3270_firmwaremgate_mb3270mgate_mb3180_firmwaren/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2019-9101
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 31.54%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 14:27
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mb3180_firmwaremb3270_firmwaremb3480_firmwaremb3270mb3170_firmwaremb3660mb3170mb3280mb3660_firmwaremb3480mb3180mb3280_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-18238
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.59%
||
7 Day CHG~0.00%
Published-26 Feb, 2020 | 21:19
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-iologik_2512-wl1-eu-t_firmwareiologik_2542-wl1-jpiologik_2542-wl1-jp-t_firmwareiologik_2512iologik_2512-t_firmwareiologik_2512-tiologik_2542-wl1-jp_firmwareiologik_2512-wl1-jp-t_firmwareiologik_2512-wl1-jp-tiologik_2542_firmwareiologik_2542-wl1-usiologik_2512-wl1-usiologik_2512-hspa-tiologik_2512-wl1-jp_firmwareiologik_2542-wl1-eu_firmwareiologik_2542-hspa_firmwareiologik_2542-wl1-jp-tiologik_2512-wl1-eu-tiologik_2542-t_firmwareiologik_2542-wl1-eu-t_firmwareiologik_2542-wl1-us-tiologik_2512-hspa-t_firmwareiologik_2512_firmwareiologik_2512-wl1-us-t_firmwareiologik_2542-wl1-eu-tiologik_2542-wl1-euiologik_2512-wl1-us-tiologik_2542-wl1-us-t_firmwareiologik_2542-tiologik_2512-wl1-eu_firmwareiologik_2512-wl1-euiologik_2542-hspaiologik_2512-wl1-jpiologik_2512-wl1-us_firmwareiologik_2542-wl1-us_firmwareiologik_2542-hspa-t_firmwareiologik_2512-hspaiologik_2542iologik_2512-hspa_firmwareiologik_2542-hspa-tMoxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2024-4641
Matching Score-8
Assigner-Moxa Inc.
ShareView Details
Matching Score-8
Assigner-Moxa Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.48% / 65.55%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 09:23
Updated-18 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OnCell G3470A-LTE Series: Authenticated Format String Errors

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.

Action-Not Available
Vendor-Moxa Inc.
Product-oncell_g3470a-lte-eu-t_firmwareoncell_g3470a-lte-us-toncell_g3470a-lte-us-t_firmwareoncell_g3470a-lte-eu_firmwareoncell_g3470a-lte-eu-toncell_g3470a-lte-us_firmwareoncell_g3470a-lte-euoncell_g3470a-lte-usOnCell G3150A-LTE Seriesoncell_g3470a-lte-us
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2016-2295
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.75% / 73.49%
||
7 Day CHG~0.00%
Published-31 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-miineport_e1_7080_firmwaremiineport_e1_4641miineport_e2_1242_firmwaremiineport_e2_4561_firmwaremiineport_e3_firmwaremiineport_e1_4641_firmwaremiineport_e1_7080miineport_e3miineport_e2_4561miineport_e2_1242n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-6991
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 60.09%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 20:29
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g516e_firmwareeds-g516eeds-510e_firmwareeds-510eMoxa EDS-G516E Series firmware, Version 5.2 or lower
CWE ID-CWE-521
Weak Password Requirements
CVE-2020-6981
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 60.14%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 20:23
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g516e_firmwareeds-g516eeds-510e_firmwareeds-510eMoxa EDS-G516E Series firmware, Version 5.2 or lower
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-6995
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 66.00%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:16
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-pt-7828-r-24pt-7528-12msc-12tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wv_firmwarept-7528-16msc-8tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-hv_firmwarept-7528-8ssc-16tx-4gsfp-hv-hv_firmwarept-7528-12mst-12tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv-hv_firmwarept-7828-r-24-24pt-7528-12msc-12tx-4gsfp-hvpt-7528-8msc-16tx-4gsfp-wv-wvpt-7528-12mst-12tx-4gsfp-hvpt-7828-f-hv-hv_firmwarept-7528-20msc-4tx-4gsfp-wvpt-7528-16mst-8tx-4gsfp-wvpt-7528-12msc-12tx-4gsfp-wv_firmwarept-7828-r-24-24_firmwarept-7528-20msc-4tx-4gsfp-wv-wvpt-7828-r-hv-hv_firmwarept-7528-20mst-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hv_firmwarept-7528-12msc-12tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wvpt-7528-8msc-16tx-4gsfp-hv_firmwarept-7828-f-24-hv_firmwarept-7828-f-48-hvpt-7828-r-48-hv_firmwarept-7828-f-24-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wvpt-7828-f-48-hv_firmwarept-7528-16msc-8tx-4gsfp-wvpt-7528-8ssc-16tx-4gsfp-wv-wvpt-7528-24tx-wv-wv_firmwarept-7528-20msc-4tx-4gsfp-wv_firmwarept-7828-r-24-hvpt-7828-f-hv-hvpt-7828-r-48-48_firmwarept-7828-f-hv_firmwarept-7528-24tx-wv-hvpt-7528-24tx-wv_firmwarept-7528-12msc-12tx-4gsfp-hv-hvpt-7528-24tx-wvpt-7528-16msc-8tx-4gsfp-wv_firmwarept-7828-r-48_firmwarept-7828-r-hv-hvpt-7528-16msc-8tx-4gsfp-wv-wvpt-7828-f-48_firmwarept-7528-8ssc-16tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-wv-wv_firmwarept-7828-r-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hv_firmwarept-7528-8ssc-16tx-4gsfp-wv-wv_firmwarept-7828-f-24pt-7528-24tx-wv-hv_firmwarept-7528-8mst-16tx-4gsfp-hvpt-7528-24tx-hv-hv_firmwarept-7528-16mst-8tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv-hv_firmwarept-7828-f-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hvpt-7828-r-48pt-7528-16mst-8tx-4gsfp-wv-wv_firmwarept-7528-12msc-12tx-4gsfp-hv_firmwarept-7528-16msc-8tx-4gsfp-hv-hv_firmwarept-7528-8msc-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-hv-hv_firmwarept-7828-r-24-hv_firmwarept-7828-r-48-48pt-7528-20msc-4tx-4gsfp-hv_firmwarept-7528-8mst-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-wv-wv_firmwarept-7828-r-hvpt-7528-8mst-16tx-4gsfp-wv_firmwarept-7828-f-48-48_firmwarept-7828-r-48-hvpt-7528-20msc-4tx-4gsfp-hv-hvpt-7528-8msc-16tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv_firmwarept-7528-12mst-12tx-4gsfp-wv_firmwarept-7528-12msc-12tx-4gsfp-wv-wvpt-7528-24tx-hv_firmwarept-7528-20mst-4tx-4gsfp-wv_firmwarept-7528-8msc-16tx-4gsfp-hvpt-7828-f-48-48pt-7528-16msc-8tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv-wvpt-7528-8mst-16tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-wv-wvpt-7528-20msc-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hvpt-7528-24tx-wv-wvpt-7528-16mst-8tx-4gsfp-hvpt-7828-r-24_firmwarept-7528-20mst-4tx-4gsfp-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-hv-hv_firmwarept-7528-24tx-hvpt-7528-8msc-16tx-4gsfp-wv_firmwarept-7828-f-hvpt-7528-24tx-hv-hvpt-7528-20mst-4tx-4gsfp-wvpt-7828-f-24-hvpt-7528-12mst-12tx-4gsfp-wvpt-7828-f-48pt-7528-12msc-12tx-4gsfp-wvpt-7828-f-24-24Moxa PT-7528 series firmware, Version 4.0 or lower, PT-7828 series firmware, Version 3.9 or lower
CWE ID-CWE-521
Weak Password Requirements
CVE-2020-7001
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 20:15
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g516e_firmwareeds-g516eeds-510e_firmwareeds-510eMoxa EDS-G516E Series firmware, Version 5.2 or lower
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-7003
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.76%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 17:02
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-iologik_2512-wl1-eu-t_firmwareiologik_2542-wl1-jpiologik_2542-wl1-jp-t_firmwareiologik_2512iologik_2512-t_firmwareiologik_2512-tiologik_2542-wl1-jp_firmwareiologik_2512-wl1-jp-t_firmwareiologik_2512-wl1-jp-tiologik_2542_firmwareiologik_2542-wl1-usiologik_2512-wl1-usiologik_2512-hspa-tiologik_2512-wl1-jp_firmwareiologik_2542-wl1-eu_firmwareiologik_2542-hspa_firmwareiologik_2542-wl1-jp-tiologik_2512-wl1-eu-tiologik_2542-t_firmwareiologik_2542-wl1-eu-t_firmwareiologik_2542-wl1-us-tiologik_2512-hspa-t_firmwareiologik_2512_firmwareiologik_2512-wl1-us-t_firmwareiologik_2542-wl1-eu-tiologik_2542-wl1-euiologik_2512-wl1-us-tiologik_2542-wl1-us-t_firmwareiologik_2542-tiologik_2512-wl1-eu_firmwareiologik_2512-wl1-euiologik_2542-hspaiologik_2512-wl1-jpiologik_2512-wl1-us_firmwareiologik_2542-wl1-us_firmwareiologik_2542-hspa-t_firmwareiologik_2512-hspaiologik_2542iologik_2512-hspa_firmwareiologik_2542-hspa-tMoxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-6983
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.48%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:57
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-pt-7828-r-24pt-7528-12msc-12tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wv_firmwarept-7528-16msc-8tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-hv_firmwarept-7528-8ssc-16tx-4gsfp-hv-hv_firmwarept-7528-12mst-12tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv-hv_firmwarept-7828-r-24-24pt-7528-12msc-12tx-4gsfp-hvpt-7528-8msc-16tx-4gsfp-wv-wvpt-7528-12mst-12tx-4gsfp-hvpt-7828-f-hv-hv_firmwarept-7528-20msc-4tx-4gsfp-wvpt-7528-16mst-8tx-4gsfp-wvpt-7528-12msc-12tx-4gsfp-wv_firmwarept-7828-r-24-24_firmwarept-7528-20msc-4tx-4gsfp-wv-wvpt-7828-r-hv-hv_firmwarept-7528-20mst-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hv_firmwarept-7528-12msc-12tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wvpt-7528-8msc-16tx-4gsfp-hv_firmwarept-7828-f-24-hv_firmwarept-7828-f-48-hvpt-7828-r-48-hv_firmwarept-7828-f-24-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wvpt-7828-f-48-hv_firmwarept-7528-16msc-8tx-4gsfp-wvpt-7528-8ssc-16tx-4gsfp-wv-wvpt-7528-24tx-wv-wv_firmwarept-7528-20msc-4tx-4gsfp-wv_firmwarept-7828-r-24-hvpt-7828-f-hv-hvpt-7828-r-48-48_firmwarept-7828-f-hv_firmwarept-7528-24tx-wv-hvpt-7528-24tx-wv_firmwarept-7528-12msc-12tx-4gsfp-hv-hvpt-7528-24tx-wvpt-7528-16msc-8tx-4gsfp-wv_firmwarept-7828-r-48_firmwarept-7828-r-hv-hvpt-7528-16msc-8tx-4gsfp-wv-wvpt-7828-f-48_firmwarept-7528-8ssc-16tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-wv-wv_firmwarept-7828-r-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hv_firmwarept-7528-8ssc-16tx-4gsfp-wv-wv_firmwarept-7828-f-24pt-7528-24tx-wv-hv_firmwarept-7528-8mst-16tx-4gsfp-hvpt-7528-24tx-hv-hv_firmwarept-7528-16mst-8tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv-hv_firmwarept-7828-f-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hvpt-7828-r-48pt-7528-16mst-8tx-4gsfp-wv-wv_firmwarept-7528-12msc-12tx-4gsfp-hv_firmwarept-7528-16msc-8tx-4gsfp-hv-hv_firmwarept-7528-8msc-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-hv-hv_firmwarept-7828-r-24-hv_firmwarept-7828-r-48-48pt-7528-20msc-4tx-4gsfp-hv_firmwarept-7528-8mst-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-wv-wv_firmwarept-7828-r-hvpt-7528-8mst-16tx-4gsfp-wv_firmwarept-7828-f-48-48_firmwarept-7828-r-48-hvpt-7528-20msc-4tx-4gsfp-hv-hvpt-7528-8msc-16tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv_firmwarept-7528-12mst-12tx-4gsfp-wv_firmwarept-7528-12msc-12tx-4gsfp-wv-wvpt-7528-24tx-hv_firmwarept-7528-20mst-4tx-4gsfp-wv_firmwarept-7528-8msc-16tx-4gsfp-hvpt-7828-f-48-48pt-7528-16msc-8tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv-wvpt-7528-8mst-16tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-wv-wvpt-7528-20msc-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hvpt-7528-24tx-wv-wvpt-7528-16mst-8tx-4gsfp-hvpt-7828-r-24_firmwarept-7528-20mst-4tx-4gsfp-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-hv-hv_firmwarept-7528-24tx-hvpt-7528-8msc-16tx-4gsfp-wv_firmwarept-7828-f-hvpt-7528-24tx-hv-hvpt-7528-20mst-4tx-4gsfp-wvpt-7828-f-24-hvpt-7528-12mst-12tx-4gsfp-wvpt-7828-f-48pt-7528-12msc-12tx-4gsfp-wvpt-7828-f-24-24Moxa PT-7528 series firmware, Version 4.0 or lower, PT-7828 series firmware, Version 3.9 or lower
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-6989
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-1.88% / 83.52%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:54
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-pt-7828-r-24pt-7528-12msc-12tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wv_firmwarept-7528-16msc-8tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-hv_firmwarept-7528-8ssc-16tx-4gsfp-hv-hv_firmwarept-7528-12mst-12tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv-hv_firmwarept-7828-r-24-24pt-7528-12msc-12tx-4gsfp-hvpt-7528-8msc-16tx-4gsfp-wv-wvpt-7528-12mst-12tx-4gsfp-hvpt-7828-f-hv-hv_firmwarept-7528-20msc-4tx-4gsfp-wvpt-7528-16mst-8tx-4gsfp-wvpt-7528-12msc-12tx-4gsfp-wv_firmwarept-7828-r-24-24_firmwarept-7528-20msc-4tx-4gsfp-wv-wvpt-7828-r-hv-hv_firmwarept-7528-20mst-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hv_firmwarept-7528-12msc-12tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wvpt-7528-8msc-16tx-4gsfp-hv_firmwarept-7828-f-24-hv_firmwarept-7828-f-48-hvpt-7828-r-48-hv_firmwarept-7828-f-24-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wvpt-7828-f-48-hv_firmwarept-7528-16msc-8tx-4gsfp-wvpt-7528-8ssc-16tx-4gsfp-wv-wvpt-7528-24tx-wv-wv_firmwarept-7528-20msc-4tx-4gsfp-wv_firmwarept-7828-r-24-hvpt-7828-f-hv-hvpt-7828-r-48-48_firmwarept-7828-f-hv_firmwarept-7528-24tx-wv-hvpt-7528-24tx-wv_firmwarept-7528-12msc-12tx-4gsfp-hv-hvpt-7528-24tx-wvpt-7528-16msc-8tx-4gsfp-wv_firmwarept-7828-r-48_firmwarept-7828-r-hv-hvpt-7528-16msc-8tx-4gsfp-wv-wvpt-7828-f-48_firmwarept-7528-8ssc-16tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-wv-wv_firmwarept-7828-r-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hv_firmwarept-7528-8ssc-16tx-4gsfp-wv-wv_firmwarept-7828-f-24pt-7528-24tx-wv-hv_firmwarept-7528-8mst-16tx-4gsfp-hvpt-7528-24tx-hv-hv_firmwarept-7528-16mst-8tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv-hv_firmwarept-7828-f-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hvpt-7828-r-48pt-7528-16mst-8tx-4gsfp-wv-wv_firmwarept-7528-12msc-12tx-4gsfp-hv_firmwarept-7528-16msc-8tx-4gsfp-hv-hv_firmwarept-7528-8msc-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-hv-hv_firmwarept-7828-r-24-hv_firmwarept-7828-r-48-48pt-7528-20msc-4tx-4gsfp-hv_firmwarept-7528-8mst-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-wv-wv_firmwarept-7828-r-hvpt-7528-8mst-16tx-4gsfp-wv_firmwarept-7828-f-48-48_firmwarept-7828-r-48-hvpt-7528-20msc-4tx-4gsfp-hv-hvpt-7528-8msc-16tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv_firmwarept-7528-12mst-12tx-4gsfp-wv_firmwarept-7528-12msc-12tx-4gsfp-wv-wvpt-7528-24tx-hv_firmwarept-7528-20mst-4tx-4gsfp-wv_firmwarept-7528-8msc-16tx-4gsfp-hvpt-7828-f-48-48pt-7528-16msc-8tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv-wvpt-7528-8mst-16tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-wv-wvpt-7528-20msc-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hvpt-7528-24tx-wv-wvpt-7528-16mst-8tx-4gsfp-hvpt-7828-r-24_firmwarept-7528-20mst-4tx-4gsfp-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-hv-hv_firmwarept-7528-24tx-hvpt-7528-8msc-16tx-4gsfp-wv_firmwarept-7828-f-hvpt-7528-24tx-hv-hvpt-7528-20mst-4tx-4gsfp-wvpt-7828-f-24-hvpt-7528-12mst-12tx-4gsfp-wvpt-7828-f-48pt-7528-12msc-12tx-4gsfp-wvpt-7828-f-24-24Moxa PT-7528 series firmware, Version 4.0 or lower, PT-7828 series firmware, Version 3.9 or lower
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 22
  • 23
  • Next
Details not found