Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-7913

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-29 May, 2017 | 16:00
Updated At-05 Aug, 2024 | 16:19
Rejected At-
Credits

A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:29 May, 2017 | 16:00
Updated At:05 Aug, 2024 | 16:19
Rejected At:
▼CVE Numbering Authority (CNA)

A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext.

Affected Products
Vendor
n/a
Product
Moxa OnCell
Versions
Affected
  • Moxa OnCell
Problem Types
TypeCWE IDDescription
CWECWE-256CWE-256
Type: CWE
CWE ID: CWE-256
Description: CWE-256
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01
x_refsource_MISC
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01
x_refsource_MISC
x_transferred
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:29 May, 2017 | 16:29
Updated At:20 Apr, 2025 | 01:37

A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Moxa Inc.
moxa
>>oncell_g3110-hspa_firmware>>Versions up to 1.3(inclusive)
cpe:2.3:o:moxa:oncell_g3110-hspa_firmware:*:*:*:*:*:*:*:*
Moxa Inc.
moxa
>>oncell_g3110-hspa>>-
cpe:2.3:h:moxa:oncell_g3110-hspa:-:*:*:*:*:*:*:*
Moxa Inc.
moxa
>>oncell_g3110-hsdpa_firmware>>Versions up to 1.2(inclusive)
cpe:2.3:o:moxa:oncell_g3110-hsdpa_firmware:*:*:*:*:*:*:*:*
Moxa Inc.
moxa
>>oncell_g3110-hsdpa>>-
cpe:2.3:h:moxa:oncell_g3110-hsdpa:-:*:*:*:*:*:*:*
Moxa Inc.
moxa
>>oncell_g3150-hsdpa_firmware>>Versions up to 1.4(inclusive)
cpe:2.3:o:moxa:oncell_g3150-hsdpa_firmware:*:*:*:*:*:*:*:*
Moxa Inc.
moxa
>>oncell_g3150-hsdpa>>-
cpe:2.3:h:moxa:oncell_g3150-hsdpa:-:*:*:*:*:*:*:*
Moxa Inc.
moxa
>>oncell_5104-hsdpa_firmware>>Versions up to -(inclusive)
cpe:2.3:o:moxa:oncell_5104-hsdpa_firmware:*:*:*:*:*:*:*:*
Moxa Inc.
moxa
>>oncell_5104-hsdpa>>-
cpe:2.3:h:moxa:oncell_5104-hsdpa:-:*:*:*:*:*:*:*
Moxa Inc.
moxa
>>oncell_5104-hspa_firmware>>Versions up to -(inclusive)
cpe:2.3:o:moxa:oncell_5104-hspa_firmware:*:*:*:*:*:*:*:*
Moxa Inc.
moxa
>>oncell_5104-hspa>>-
cpe:2.3:h:moxa:oncell_5104-hspa:-:*:*:*:*:*:*:*
Moxa Inc.
moxa
>>oncell_5004-hspa_firmware>>Versions up to -(inclusive)
cpe:2.3:o:moxa:oncell_5004-hspa_firmware:*:*:*:*:*:*:*:*
Moxa Inc.
moxa
>>oncell_5004-hspa>>-
cpe:2.3:h:moxa:oncell_5004-hspa:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-256Secondaryics-cert@hq.dhs.gov
CWE-522Primarynvd@nist.gov
CWE ID: CWE-256
Type: Secondary
Source: ics-cert@hq.dhs.gov
CWE ID: CWE-522
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

304Records found
CVE-2019-9104
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.67%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 14:27
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mb3180_firmwaremb3270_firmwaremb3480_firmwaremb3270mb3170_firmwaremb3660mb3170mb3280mb3660_firmwaremb3480mb3180mb3280_firmwaren/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-6518
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.51%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 21:00
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.

Action-Not Available
Vendor-ICS-CERTMoxa Inc.
Product-eds-510aeds-408a_firmwareeds-408aeds-510a_firmwareiks-g6824aeds-405a_firmwareiks-g6824a_firmwareeds-405aMoxa IKS, EDS
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2017-7915
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.64%
||
7 Day CHG~0.00%
Published-29 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-oncell_g3110-hspaoncell_g3110-hsdpa_firmwareoncell_5104-hsdpaoncell_g3150-hsdpa_firmwareoncell_g3110-hspa_firmwareoncell_g3110-hsdpaoncell_5104-hsdpa_firmwareoncell_5004-hspa_firmwareoncell_g3150-hsdpaoncell_5104-hspaoncell_5104-hspa_firmwareoncell_5004-hspaMoxa OnCell
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2019-5137
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.13%
||
7 Day CHG~0.00%
Published-25 Feb, 2020 | 15:38
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-awk-3131aawk-3131a_firmwareMoxa
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-4161
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 32.73%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 18:48
Updated-16 Sep, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ICSA-21-357-01 Moxa MGate Protocol Gateways

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.

Action-Not Available
Vendor-Moxa Inc.
Product-mgate_mb3280_firmwaremgate_mb3280mgate_mb3180_firmwaremgate_mb3180mgate_mb3480_firmwaremgate_mb3480MGate MB3280 SeriesMGate MB3180 SeriesMGate MB3480 Series
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2017-16715
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.70%
||
7 Day CHG~0.00%
Published-16 Nov, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-nport_5130_firmwarenport_5110nport_5110_firmwarenport_5150nport_5130nport_5150_firmwareMoxa NPort 5110, 5130, and 5150
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-40392
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.69%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability.

Action-Not Available
Vendor-Moxa Inc.
Product-mxviewMXView Series
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-38460
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.53%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 13:38
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moxa MXview Network Management Software

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

Action-Not Available
Vendor-Moxa Inc.
Product-mxviewMXview Network Management Software
CWE ID-CWE-523
Unprotected Transport of Credentials
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-14459
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-20.60% / 95.36%
||
7 Day CHG~0.00%
Published-11 Apr, 2018 | 16:00
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.

Action-Not Available
Vendor-Moxa Inc.Talos (Cisco Systems, Inc.)
Product-awk-3131aawk-3131a_firmwareMoxa
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-13699
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.07%
||
7 Day CHG~0.00%
Published-23 Nov, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g512eeds-g512e_firmwaren/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-13701
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 60.02%
||
7 Day CHG~0.00%
Published-23 Nov, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g512eeds-g512e_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13698
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.11%
||
7 Day CHG~0.00%
Published-23 Nov, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g512eeds-g512e_firmwaren/a
CVE-2017-12729
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 42.67%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 19:00
Updated-05 Aug, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-softcms_lab_viewMoxa SoftCMS Live Viewer
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-12128
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-1.21% / 78.17%
||
7 Day CHG~0.00%
Published-14 May, 2018 | 20:00
Updated-16 Sep, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability.

Action-Not Available
Vendor-Moxa Inc.Talos (Cisco Systems, Inc.)
Product-edr-810_firmwareedr-810Moxa
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-6993
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.20%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:19
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-pt-7828-r-24pt-7528-12msc-12tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wv_firmwarept-7528-16msc-8tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-hv_firmwarept-7528-8ssc-16tx-4gsfp-hv-hv_firmwarept-7528-12mst-12tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv-hv_firmwarept-7828-r-24-24pt-7528-12msc-12tx-4gsfp-hvpt-7528-8msc-16tx-4gsfp-wv-wvpt-7528-12mst-12tx-4gsfp-hvpt-7828-f-hv-hv_firmwarept-7528-20msc-4tx-4gsfp-wvpt-7528-16mst-8tx-4gsfp-wvpt-7528-12msc-12tx-4gsfp-wv_firmwarept-7828-r-24-24_firmwarept-7528-20msc-4tx-4gsfp-wv-wvpt-7828-r-hv-hv_firmwarept-7528-20mst-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hv_firmwarept-7528-12msc-12tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wvpt-7528-8msc-16tx-4gsfp-hv_firmwarept-7828-f-24-hv_firmwarept-7828-f-48-hvpt-7828-r-48-hv_firmwarept-7828-f-24-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wvpt-7828-f-48-hv_firmwarept-7528-16msc-8tx-4gsfp-wvpt-7528-8ssc-16tx-4gsfp-wv-wvpt-7528-24tx-wv-wv_firmwarept-7528-20msc-4tx-4gsfp-wv_firmwarept-7828-r-24-hvpt-7828-f-hv-hvpt-7828-r-48-48_firmwarept-7828-f-hv_firmwarept-7528-24tx-wv-hvpt-7528-24tx-wv_firmwarept-7528-12msc-12tx-4gsfp-hv-hvpt-7528-24tx-wvpt-7528-16msc-8tx-4gsfp-wv_firmwarept-7828-r-48_firmwarept-7828-r-hv-hvpt-7528-16msc-8tx-4gsfp-wv-wvpt-7828-f-48_firmwarept-7528-8ssc-16tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-wv-wv_firmwarept-7828-r-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hv_firmwarept-7528-8ssc-16tx-4gsfp-wv-wv_firmwarept-7828-f-24pt-7528-24tx-wv-hv_firmwarept-7528-8mst-16tx-4gsfp-hvpt-7528-24tx-hv-hv_firmwarept-7528-16mst-8tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv-hv_firmwarept-7828-f-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hvpt-7828-r-48pt-7528-16mst-8tx-4gsfp-wv-wv_firmwarept-7528-12msc-12tx-4gsfp-hv_firmwarept-7528-16msc-8tx-4gsfp-hv-hv_firmwarept-7528-8msc-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-hv-hv_firmwarept-7828-r-24-hv_firmwarept-7828-r-48-48pt-7528-20msc-4tx-4gsfp-hv_firmwarept-7528-8mst-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-wv-wv_firmwarept-7828-r-hvpt-7528-8mst-16tx-4gsfp-wv_firmwarept-7828-f-48-48_firmwarept-7828-r-48-hvpt-7528-20msc-4tx-4gsfp-hv-hvpt-7528-8msc-16tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv_firmwarept-7528-12mst-12tx-4gsfp-wv_firmwarept-7528-12msc-12tx-4gsfp-wv-wvpt-7528-24tx-hv_firmwarept-7528-20mst-4tx-4gsfp-wv_firmwarept-7528-8msc-16tx-4gsfp-hvpt-7828-f-48-48pt-7528-16msc-8tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv-wvpt-7528-8mst-16tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-wv-wvpt-7528-20msc-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hvpt-7528-24tx-wv-wvpt-7528-16mst-8tx-4gsfp-hvpt-7828-r-24_firmwarept-7528-20mst-4tx-4gsfp-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-hv-hv_firmwarept-7528-24tx-hvpt-7528-8msc-16tx-4gsfp-wv_firmwarept-7828-f-hvpt-7528-24tx-hv-hvpt-7528-20mst-4tx-4gsfp-wvpt-7828-f-24-hvpt-7528-12mst-12tx-4gsfp-wvpt-7828-f-48pt-7528-12msc-12tx-4gsfp-wvpt-7828-f-24-24Moxa PT-7528 series firmware, Version 4.0 or lower, PT-7828 series firmware, Version 3.9 or lower
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-6987
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.93%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:00
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-pt-7828-r-24pt-7528-12msc-12tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wv_firmwarept-7528-16msc-8tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-hv_firmwarept-7528-8ssc-16tx-4gsfp-hv-hv_firmwarept-7528-12mst-12tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv-hv_firmwarept-7828-r-24-24pt-7528-12msc-12tx-4gsfp-hvpt-7528-8msc-16tx-4gsfp-wv-wvpt-7528-12mst-12tx-4gsfp-hvpt-7828-f-hv-hv_firmwarept-7528-20msc-4tx-4gsfp-wvpt-7528-16mst-8tx-4gsfp-wvpt-7528-12msc-12tx-4gsfp-wv_firmwarept-7828-r-24-24_firmwarept-7528-20msc-4tx-4gsfp-wv-wvpt-7828-r-hv-hv_firmwarept-7528-20mst-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hv_firmwarept-7528-12msc-12tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wvpt-7528-8msc-16tx-4gsfp-hv_firmwarept-7828-f-24-hv_firmwarept-7828-f-48-hvpt-7828-r-48-hv_firmwarept-7828-f-24-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wvpt-7828-f-48-hv_firmwarept-7528-16msc-8tx-4gsfp-wvpt-7528-8ssc-16tx-4gsfp-wv-wvpt-7528-24tx-wv-wv_firmwarept-7528-20msc-4tx-4gsfp-wv_firmwarept-7828-r-24-hvpt-7828-f-hv-hvpt-7828-r-48-48_firmwarept-7828-f-hv_firmwarept-7528-24tx-wv-hvpt-7528-24tx-wv_firmwarept-7528-12msc-12tx-4gsfp-hv-hvpt-7528-24tx-wvpt-7528-16msc-8tx-4gsfp-wv_firmwarept-7828-r-48_firmwarept-7828-r-hv-hvpt-7528-16msc-8tx-4gsfp-wv-wvpt-7828-f-48_firmwarept-7528-8ssc-16tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-wv-wv_firmwarept-7828-r-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hv_firmwarept-7528-8ssc-16tx-4gsfp-wv-wv_firmwarept-7828-f-24pt-7528-24tx-wv-hv_firmwarept-7528-8mst-16tx-4gsfp-hvpt-7528-24tx-hv-hv_firmwarept-7528-16mst-8tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv-hv_firmwarept-7828-f-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hvpt-7828-r-48pt-7528-16mst-8tx-4gsfp-wv-wv_firmwarept-7528-12msc-12tx-4gsfp-hv_firmwarept-7528-16msc-8tx-4gsfp-hv-hv_firmwarept-7528-8msc-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-hv-hv_firmwarept-7828-r-24-hv_firmwarept-7828-r-48-48pt-7528-20msc-4tx-4gsfp-hv_firmwarept-7528-8mst-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-wv-wv_firmwarept-7828-r-hvpt-7528-8mst-16tx-4gsfp-wv_firmwarept-7828-f-48-48_firmwarept-7828-r-48-hvpt-7528-20msc-4tx-4gsfp-hv-hvpt-7528-8msc-16tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv_firmwarept-7528-12mst-12tx-4gsfp-wv_firmwarept-7528-12msc-12tx-4gsfp-wv-wvpt-7528-24tx-hv_firmwarept-7528-20mst-4tx-4gsfp-wv_firmwarept-7528-8msc-16tx-4gsfp-hvpt-7828-f-48-48pt-7528-16msc-8tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv-wvpt-7528-8mst-16tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-wv-wvpt-7528-20msc-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hvpt-7528-24tx-wv-wvpt-7528-16mst-8tx-4gsfp-hvpt-7828-r-24_firmwarept-7528-20mst-4tx-4gsfp-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-hv-hv_firmwarept-7528-24tx-hvpt-7528-8msc-16tx-4gsfp-wv_firmwarept-7828-f-hvpt-7528-24tx-hv-hvpt-7528-20mst-4tx-4gsfp-wvpt-7828-f-24-hvpt-7528-12mst-12tx-4gsfp-wvpt-7828-f-48pt-7528-12msc-12tx-4gsfp-wvpt-7828-f-24-24Moxa PT-7528 series firmware, Version 4.0 or lower, PT-7828 series firmware, Version 3.9 or lower
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-6997
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.93%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 20:31
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g516e_firmwareeds-g516eeds-510e_firmwareeds-510eMoxa EDS-G516E Series firmware, Version 5.2 or lower
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-18238
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.78%
||
7 Day CHG~0.00%
Published-26 Feb, 2020 | 21:19
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-iologik_2512-wl1-eu-t_firmwareiologik_2542-wl1-jpiologik_2542-wl1-jp-t_firmwareiologik_2512iologik_2512-t_firmwareiologik_2512-tiologik_2542-wl1-jp_firmwareiologik_2512-wl1-jp-t_firmwareiologik_2512-wl1-jp-tiologik_2542_firmwareiologik_2542-wl1-usiologik_2512-wl1-usiologik_2512-hspa-tiologik_2512-wl1-jp_firmwareiologik_2542-wl1-eu_firmwareiologik_2542-hspa_firmwareiologik_2542-wl1-jp-tiologik_2512-wl1-eu-tiologik_2542-t_firmwareiologik_2542-wl1-eu-t_firmwareiologik_2542-wl1-us-tiologik_2512-hspa-t_firmwareiologik_2512_firmwareiologik_2512-wl1-us-t_firmwareiologik_2542-wl1-eu-tiologik_2542-wl1-euiologik_2512-wl1-us-tiologik_2542-wl1-us-t_firmwareiologik_2542-tiologik_2512-wl1-eu_firmwareiologik_2512-wl1-euiologik_2542-hspaiologik_2512-wl1-jpiologik_2512-wl1-us_firmwareiologik_2542-wl1-us_firmwareiologik_2542-hspa-t_firmwareiologik_2512-hspaiologik_2542iologik_2512-hspa_firmwareiologik_2542-hspa-tMoxa ioLogik 2500 series firmware, Version 3.0 or lower, IOxpress configuration utility, Version 2.3.0 or lower
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2016-9369
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-7.40% / 91.35%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-nport_5450nport_5610nport_5100a_series_firmwarenport_5430nport_5232nport_5410nport_5250a1-m12-ctnport_5430inport_5450i-tnport_5200_series_firmwarenport_5150anport_6100_series_firmwarenport_5630nport_p5110anport_5150a1-m12-tnport_5250a1-m12-tnport_5450a1-m12-ctnport_5650i-8-dtlnport_5130nport_5150nport_5210nport_5650-8-dtlnport_5150a1-m12-ctnport_5250anport_5150a1-m12-ct-tnport_5200a_series_firmwarenport_5230anport_p5150a_series_firmwarenport_5450a1-m12-ct-tnport_5250a1-m12-ct-tnport_5232inport_5450a1-m12nport_6150-tnport_5110anport_5600-8-dtl_series_firmwarenport_5400_series_firmwarenport_5450inport_5610-8-dtlnport_5650nport_5130anport_5450a1-m12-tnport_5600_series_firmwarenport_5150a1-m12nport_5230nport_5210anport_5x50a1-m12_series_firmwarenport_5450-tnport_6150nport_5100_series_firmwarenport_5110nport_5250a1-m12Moxa NPort
CWE ID-CWE-287
Improper Authentication
CVE-2016-9346
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-miineport_e1_firmwaremiineport_e1miineport_e2miineport_e2_firmwaremiineport_e3miineport_e3_firmwareMoxa MiiNePort
CVE-2016-9344
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.35%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-miineport_e1_firmwaremiineport_e1miineport_e2miineport_e2_firmwaremiineport_e3miineport_e3_firmwareMoxa MiiNePort
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-9361
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-50.81% / 97.77%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-nport_5450nport_5610nport_5100a_series_firmwarenport_5430nport_5232nport_5410nport_5250a1-m12-ctnport_5430inport_5450i-tnport_5200_series_firmwarenport_5150anport_6100_series_firmwarenport_5630nport_p5110anport_5150a1-m12-tnport_5250a1-m12-tnport_5450a1-m12-ctnport_5650i-8-dtlnport_5130nport_5150nport_5210nport_5650-8-dtlnport_5150a1-m12-ctnport_5250anport_5150a1-m12-ct-tnport_5200a_series_firmwarenport_5230anport_p5150a_series_firmwarenport_5450a1-m12-ct-tnport_5250a1-m12-ct-tnport_5232inport_5450a1-m12nport_6150-tnport_5110anport_5600-8-dtl_series_firmwarenport_5400_series_firmwarenport_5450inport_5610-8-dtlnport_5650nport_5130anport_5450a1-m12-tnport_5600_series_firmwarenport_5150a1-m12nport_5230nport_5210anport_5x50a1-m12_series_firmwarenport_5450-tnport_6150nport_5100_series_firmwarenport_5110nport_5250a1-m12Moxa NPort
CWE ID-CWE-287
Improper Authentication
CVE-2016-9366
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.82%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-nport_5450nport_5610nport_5100a_series_firmwarenport_5430nport_5232nport_5410nport_5250a1-m12-ctnport_5430inport_5450i-tnport_5200_series_firmwarenport_5150anport_6100_series_firmwarenport_5630nport_p5110anport_5150a1-m12-tnport_5250a1-m12-tnport_5450a1-m12-ctnport_5650i-8-dtlnport_5130nport_5150nport_5210nport_5650-8-dtlnport_5150a1-m12-ctnport_5250anport_5150a1-m12-ct-tnport_5200a_series_firmwarenport_5230anport_p5150a_series_firmwarenport_5450a1-m12-ct-tnport_5250a1-m12-ct-tnport_5232inport_5450a1-m12nport_6150-tnport_5110anport_5600-8-dtl_series_firmwarenport_5400_series_firmwarenport_5450inport_5610-8-dtlnport_5650nport_5130anport_5450a1-m12-tnport_5600_series_firmwarenport_5150a1-m12nport_5230nport_5210anport_5x50a1-m12_series_firmwarenport_5450-tnport_6150nport_5100_series_firmwarenport_5110nport_5250a1-m12Moxa NPort
CVE-2016-9333
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.66% / 70.01%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION).

Action-Not Available
Vendor-n/aMoxa Inc.
Product-softcmsMoxa SoftCMS prior to Version 1.6
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-7506
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-1.14% / 77.50%
||
7 Day CHG~0.00%
Published-06 Apr, 2018 | 14:00
Updated-17 Sep, 2024 | 02:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information.

Action-Not Available
Vendor-ICS-CERTMoxa Inc.
Product-mxviewMoxa MXview
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8346
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.72%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION).

Action-Not Available
Vendor-n/aMoxa Inc.
Product-edr-810_firmwareedr-810edr-810-vpnMoxa EDR-810 Industrial Secure Router
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-5455
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.64%
||
7 Day CHG~0.00%
Published-05 Mar, 2018 | 17:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-oncell_g3150-hspa_firmwareoncell_g3110-hspa-toncell_g3150-hspa-toncell_g3110-hspa-t_firmwareoncell_g3110-hspaoncell_g3150-hspa-t_firmwareoncell_g3150-hspaoncell_g3110-hspa_firmwareMoxa OnCell G3100-HSPA Series
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CWE ID-CWE-287
Improper Authentication
CVE-2016-8724
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-3.21% / 86.50%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information.

Action-Not Available
Vendor-Moxa Inc.
Product-awk-3131aawk-3131a_firmwareAWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8725
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 57.93%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.

Action-Not Available
Vendor-Moxa Inc.
Product-awk-3131aawk-3131a_firmwareAWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8727
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.50% / 64.75%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker.

Action-Not Available
Vendor-Moxa Inc.
Product-awk-3131aawk-3131a_firmwareAWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8722
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 58.04%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.

Action-Not Available
Vendor-Moxa Inc.
Product-awk-3131aawk-3131a_firmwareAWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-18393
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 56.35%
||
7 Day CHG~0.00%
Published-19 Oct, 2018 | 14:00
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

Action-Not Available
Vendor-Moxa Inc.
Product-thingsproThingsPro IIoT Gateway and Device Management Software Solutions
CVE-2018-18390
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.08%
||
7 Day CHG~0.00%
Published-19 Oct, 2018 | 14:00
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

Action-Not Available
Vendor-Moxa Inc.
Product-thingsproThingsPro IIoT Gateway and Device Management Software Solutions
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-6979
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.08%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 20:21
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-eds-g516e_firmwareeds-g516eeds-510e_firmwareeds-510eMoxa EDS-G516E Series firmware, Version 5.2 or lower
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2016-5804
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.72%
||
7 Day CHG~0.00%
Published-15 Jul, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mgate_mb3280_firmwaremgate_mb3170mgate_mb3480_firmwaremgate_mb3180_firmwaremgate_mb3480mgate_mb3170_firmwaremgate_mb3270_firmwaremgate_mb3280mgate_mb3270mgate_mb3180n/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2016-5799
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.59% / 68.24%
||
7 Day CHG~0.00%
Published-24 Aug, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-oncell_g3001_firmwareoncell_g3100v2_firmwareoncell_g3211oncell_g3151oncell_g3251oncell_g3111oncell_g3100v2n/a
CWE ID-CWE-285
Improper Authorization
CVE-2016-5792
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-1.70% / 81.54%
||
7 Day CHG~0.00%
Published-08 Aug, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-softcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-4503
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-1.34% / 79.18%
||
7 Day CHG-0.47%
Published-12 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-device_server_web_console_5232-ndevice_server_web_console_5232-n_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-2286
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.77% / 72.48%
||
7 Day CHG~0.00%
Published-31 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-miineport_e1_4641_firmwaremiineport_e1_7080miineport_e2_1242_firmwaremiineport_e3miineport_e3_firmwaremiineport_e2_4561miineport_e1_7080_firmwaremiineport_e2_1242miineport_e2_4561_firmwaremiineport_e1_4641n/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-2283
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 61.01%
||
7 Day CHG~0.00%
Published-04 Mar, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-iologik_firmwareiologik_e2210-tiologik_e2212-tiologik_e2242-tiologik_e2260iologik_e2214iologik_e2262iologik_e2240-tioadmin_firmwareiologik_e2242iologik_e2262-tiologik_e2260-tiologik_e2214-tiologik_e2240iologik_e2212iologik_e2210n/a
CVE-2016-2295
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.75% / 72.12%
||
7 Day CHG~0.00%
Published-31 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-miineport_e1_4641_firmwaremiineport_e2_1242_firmwaremiineport_e3miineport_e1_7080miineport_e3_firmwaremiineport_e2_4561miineport_e1_7080_firmwaremiineport_e2_1242miineport_e2_4561_firmwaremiineport_e1_4641n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2282
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 67.58%
||
7 Day CHG~0.00%
Published-04 Mar, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-iologik_firmwareiologik_e2210-tiologik_e2212-tiologik_e2242-tiologik_e2260iologik_e2214iologik_e2262iologik_e2240-tioadmin_firmwareiologik_e2242iologik_e2262-tiologik_e2260-tiologik_e2214-tiologik_e2240iologik_e2212iologik_e2210n/a
CVE-2018-10691
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.89% / 74.55%
||
7 Day CHG~0.00%
Published-07 Jun, 2019 | 19:19
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-awk-3121awk-3121_firmwaren/a
CWE ID-CWE-284
Improper Access Control
CVE-2018-11421
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.11% / 77.27%
||
7 Day CHG~0.00%
Published-03 Jul, 2019 | 15:24
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator's password. Under certain conditions, it's also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-oncell_g3150-hspa-t_firmwareoncell_g3150-hspaoncell_g3150-hspa_firmwareoncell_g3150-hspa-tn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2018-11420
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.93%
||
7 Day CHG~0.00%
Published-03 Jul, 2019 | 15:25
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-oncell_g3150-hspa-t_firmwareoncell_g3150-hspaoncell_g3150-hspa_firmwareoncell_g3150-hspa-tn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-11422
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.70%
||
7 Day CHG-0.01%
Published-03 Jul, 2019 | 15:23
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any commands (including device reboot, configuration download or upload, or firmware upgrade) are accepted and executed by the device without authentication.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-oncell_g3150-hspa-t_firmwareoncell_g3150-hspaoncell_g3150-hspa_firmwareoncell_g3150-hspa-tn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2016-0875
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.09%
||
7 Day CHG~0.00%
Published-31 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-edr-g903_firmwareedr-g903n/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-0876
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.42%
||
7 Day CHG~0.00%
Published-31 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-edr-g903_firmwareedr-g903n/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-27150
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.85%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 11:13
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-nport_ia5150a_firmwarenport_ia5450a_firmwarenport_ia5250anport_ia5150anport_ia5250a_firmwarenport_ia5450aNPort IA5000A Series
CVE-2020-12117
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.91%
||
7 Day CHG~0.00%
Published-01 May, 2020 | 13:41
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-nport_5100anport_5100a_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found