ByteOS Network

Vulnerability Details :

CVE-2025-0193

Assigner-Moxa

Assigner Org ID-2e0a0ee2-d866-482a-9f5e-ac03d156dbaa

Published At-15 Jan, 2025 | 11:05

Updated At-15 Jan, 2025 | 14:35

Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series

A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the "Login Message" functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are continuously stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions or other impacts, depending on the user's privileges.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Moxa

Assigner Org ID:2e0a0ee2-d866-482a-9f5e-ac03d156dbaa

Published At:15 Jan, 2025 | 11:05

Updated At:15 Jan, 2025 | 14:35

▼CVE Numbering Authority (CNA)

Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series

Affected Products

Vendor

Moxa Inc.

Product

MGate 5121 Series

Default Status

unaffected

Versions

Affected

1.0 (custom)

Vendor

Moxa Inc.

Product

MGate 5122 Series

Default Status

unaffected

Versions

Affected

1.0 (custom)

Vendor

Moxa Inc.

Product

MGate 5123 Series

Default Status

unaffected

Versions

Affected

1.0 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
4.0	5.2	MEDIUM	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Version: 4.0

Base score: 5.2

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Impacts

CAPEC ID	Description
CAPEC-592	CAPEC-592: Stored XSS

CAPEC ID: CAPEC-592

Description: CAPEC-592: Stored XSS

Solutions

Moxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below. * MGate 5121 Series: Upgrade to the firmware version 2.0 https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-5121-series#resources or later version * MGate 5122 Series: Upgrade to the firmware version 2.0 https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/ethernet-ip-gateways/mgate-5122-series#resources or later version * MGate 5123 Series: Upgrade to the firmware version 2.0 https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/profinet-gateways/mgate-5123-series#resources or later version

Workarounds

* Minimize network exposure to ensure the device is not accessible from the Internet. * Ensure that administrator accounts use strong, unique passwords, and restrict access to trusted personnel only.

Credits

finder

Dmitrii Mosichkin

References

Hyperlink	Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series	vendor-advisory

Hyperlink: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@moxa.com

Published At:15 Jan, 2025 | 11:15

Updated At:15 Jan, 2025 | 11:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.2	MEDIUM	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 5.2

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	psirt@moxa.com

CWE ID: CWE-79

Type: Secondary

Source: psirt@moxa.com

References

Hyperlink	Source	Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series	psirt@moxa.com	N/A

Hyperlink: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247733-cve-2025-0193-stored-cross-site-scripting-(xss)-vulnerability-in-the-mgate-5121-5122-5123-series

Source: psirt@moxa.com

Resource: N/A

Similar CVEs

6Records found

CVE-2024-3576

Matching Score-6

Assigner-Moxa Inc.

View Details

Matching Score-6

Assigner-Moxa Inc.

CVSS Score-8.3||HIGH

EPSS-0.10% / 27.60%

7 Day CHG-0.00%

Published-06 May, 2024 | 12:04

Updated-01 Aug, 2024 | 20:12

NPort 5100A Series Store XSS Vulnerability

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges.

Vendor-Moxa Inc.

Product-NPort 5100A Series nport_5100a_series_firmware

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-41313

Matching Score-6

Assigner-Talos

View Details

Matching Score-6

Assigner-Talos

CVSS Score-4.3||MEDIUM

EPSS-0.99% / 75.90%

7 Day CHG~0.00%

Published-07 Feb, 2023 | 16:52

Updated-25 Mar, 2025 | 14:13

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact"

Vendor-Moxa Inc.

Product-sds-3008-t_firmware sds-3008 sds-3008_firmware sds-3008-t SDS-3008 Series Industrial Ethernet Switch

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-41311

Matching Score-6

Assigner-Talos

View Details

Matching Score-6

Assigner-Talos

CVSS Score-4.3||MEDIUM

EPSS-0.96% / 75.52%

7 Day CHG~0.00%

Published-07 Feb, 2023 | 16:52

Updated-25 Mar, 2025 | 15:36

Vendor-Moxa Inc.

Product-sds-3008-t_firmware sds-3008 sds-3008_firmware sds-3008-t SDS-3008 Series Industrial Ethernet Switch

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-41312

Matching Score-6

Assigner-Talos

View Details

Matching Score-6

Assigner-Talos

CVSS Score-4.3||MEDIUM

EPSS-0.96% / 75.52%

7 Day CHG~0.00%

Published-07 Feb, 2023 | 16:52

Updated-25 Mar, 2025 | 14:14

Vendor-Moxa Inc.

Product-sds-3008-t_firmware sds-3008 sds-3008_firmware sds-3008-t SDS-3008 Series Industrial Ethernet Switch

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-5819

Matching Score-6

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

View Details

Matching Score-6

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

CVSS Score-6.1||MEDIUM

EPSS-0.18% / 40.46%

7 Day CHG~0.00%

Published-21 Mar, 2019 | 13:23

Updated-06 Aug, 2024 | 01:15

Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server.

Vendor-Moxa Inc.

Product-oncell_g3151_firmware oncell_g3100v2 oncell_g3211_firmware oncell_g3111 oncell_g3251_firmware oncell_g3100v2_firmware oncell_g3211 oncell_g3151 oncell_g3251 oncell_g3111_firmware OnCell G3100V2 Series OnCell G3111/G3151/G3211/G3251 Series

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-8719

Matching Score-6

Assigner-Talos

View Details

Matching Score-6

Assigner-Talos

CVSS Score-7.5||HIGH

EPSS-0.32% / 53.98%

7 Day CHG~0.00%

Published-12 Apr, 2017 | 19:00

Updated-20 Apr, 2025 | 01:37

An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim.

Vendor-Moxa Inc.

Product-awk-3131a awk-3131a_firmware AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-0193

Credits

Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs