Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Moxa Inc.

#2e0a0ee2-d866-482a-9f5e-ac03d156dbaa
PolicyEmail

Short Name

Moxa

Program Role

CNA

Root

Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

Top Level Root

Cybersecurity and Infrastructure Security Agency (CISA)

Security Advisories

View Advisories

Domain

moxa.com

Country

Taiwan

Scope

Moxa products only.
Reported CVEsVendorsProductsReports
53Vulnerabilities found
CVE-2023-3336
Assigner-Moxa Inc.
ShareView Details
Assigner-Moxa Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.04%
||
7 Day CHG~0.00%
Published-05 Jul, 2023 | 09:11
Updated-20 Nov, 2024 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TN-5900 Series User Enumeration Vulnerability

TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.

Action-Not Available
Vendor-Moxa Inc.
Product-tn-5900_firmwaretn-5900TN-5900 Seriestn-5900
CWE ID-CWE-204
Observable Response Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2023-33236
Assigner-Moxa Inc.
ShareView Details
Assigner-Moxa Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 11.93%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 06:40
Updated-21 Jan, 2025 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MXsecurity Hardcoded Credential Vulnerability

MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.

Action-Not Available
Vendor-Moxa Inc.
Product-mxsecurityMXsecurity Series
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-33235
Assigner-Moxa Inc.
ShareView Details
Assigner-Moxa Inc.
CVSS Score-7.2||HIGH
EPSS-0.64% / 69.54%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 05:38
Updated-21 Jan, 2025 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MXsecurity Command Injection Vulnerability

MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.

Action-Not Available
Vendor-Moxa Inc.
Product-mxsecurityMXsecurity Series
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • Next