Moxa Security Advisory

Moxa’s Response Regarding Remote Authentication Bypass in GNU Inetutils Telnetd (CVE-2026-24061)

Mon, 09 Mar 2026 14:23:20 GMT

CVE-2026-24061

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

(Source: www.cve.org)

Security Enhancement: Intel® Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00709)

Mon, 09 Mar 2026 10:55:32 GMT

The Intel® Management Engine on the remote host has Active Management Technology (AMT) enabled by default, and has self-reported the version for multiple vulnerabilities, including:

Insufficient protection for credentials in Intel® AMT and Intel® Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access (CVE-2022-30601).
Insufficient protection for credentials in Intel® AMT and Intel® Standard Manageability may allow a privileged user to potentially enable information disclosure via local access (CVE-2022-30944).
Improper access control in firmware for Intel® AMT and Intel® Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access (CVE-2022-28697).

(Source: Tenable Nessus)

Since this is a critical severity issue, users are strongly advised to immediately apply the solutions to mitigate associated security risks.

Security Enhancement: Intel® Converged Security Management Engine (CSME) Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00391)

Mon, 09 Mar 2026 10:47:13 GMT

The Intel® Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Intel® Active Management Technology (AMT) function, including the following:

Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel® ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. (CVE-2020-8752)
Out-of-bounds read in subsystem for Intel® AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. (CVE-2020-8747)
Out-of-bounds read in subsystem for Intel® AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. (CVE-2020-8749)

(Source: Tenable Nessus)

Since this is a critical severity issue, users are strongly advised to immediately apply the solutions to mitigate associated security risks.

Security Enhancement: Intel® BIOS Firmware DoS (INTEL-SA-00813)

Mon, 09 Mar 2026 10:37:26 GMT

Insufficient control flow management in the BIOS firmware for some Intel® processors may allow a privileged user to potentially enable denial of service (DoS) via local access. (Source: Tenable Nessus)

Since this is a medium severity issue, users can assess their environment and adopt the solution during the next maintenance cycle.

CVE-2026-0714, CVE-2026-0715: Multiple Vulnerabilities in Industrial Computers

Fri, 06 Feb 2026 00:41:15 GMT

This security advisory addresses two vulnerabilities identified in Industrial Computers.

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible.

CVE-2026-0715

Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface. Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.

Given the high severity of these issues, users should apply the solutions immediately to reduce security risks.

The Identified Vulnerability Type and Potential Impact

CVE ID	Vulnerability Type	Impact
CVE-2026-0714	CWE-319: Cleartext Transmission of Sensitive Information	CAPEC-401: Physically Hacking Hardware
CVE-2026-0715	CWE-522: Insufficiently Protected Credentials	CAPEC-102: Session Sidejacking

Vulnerability Scoring Details

CVE ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2026-0714	CVSS 4.0: 7.0	AV:P/AC:L/AT:N/PR:N/UI:N/ VC:H/VI:H/VA:H/SC:N/SI:N/SA:N	High	No
CVE-2026-0715	CVSS 4.0: 7.0	AV:P/AC:L/AT:N/PR:N/UI:N/ VC:H/VI:H/VA:H/SC:N/SI:N/SA:N	High	No

CVE ID

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2026-0714

CVSS 4.0: 7.0

AV:P/AC:L/AT:N/PR:N/UI:N/

VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

High

CVE-2026-0715

CVSS 4.0: 7.0

AV:P/AC:L/AT:N/PR:N/UI:N/

VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

High

CVE-2024-12297: Frontend Authorization Logic Disclosure Vulnerability in Ethernet Switches

Wed, 04 Feb 2026 14:39:55 GMT

Multiple Moxa's Ethernet switches are vulnerable to an authentication bypass because of flaws in their authorization mechanism. Despite client-side and back-end server verification, attackers can exploit weaknesses in its implementation. This vulnerability may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.

Since this issue is considered high severity, users should immediately apply the solutions to mitigate associated security risks.

The Identified Vulnerability Type and Potential Impact

Item	Vulnerability Type	Impact
1	CWE-656: Reliance on Security Through Obscurity	CAPEC-49: Password Brute Forcing

Vulnerability Scoring Details

ID	Base Score	Vector	Unauthenticated Remote Exploits
CVE-2024-12297	CVSS 4.0: 9.2	AV:N/AC:L/AT:P/PR:N/UI:N/ VC:H/VI:H/VA:H/SC:L/SI:L/SA:L	Yes

Base Score

Vector

Unauthenticated

Remote Exploits

CVE-2024-12297

CVSS 4.0: 9.2

AV:N/AC:L/AT:P/PR:N/UI:N/

VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Yes

CVE-2023-38408: OpenSSH Vulnerability in Ethernet Switches

Fri, 09 Jan 2026 17:51:24 GMT

This security advisory addresses a vulnerability identified in ethernet switches.

CVE-2023-38408

Because of an unreliable search path, the PKCS#11 feature in OpenSSH’s ssh-agent before 9.3p2 allows remote code execution if an agent is sent to a system controlled by an attacker. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: This issue exists because of an incomplete fix for CVE-2016-10009. (Source: cve.org)

CVE-2023-38408 is related to the SSH agent component and can only be exploited when SSH agent forwarding is enabled. However, in typical deployment scenarios, Moxa's ethernet switches operate as SSH servers and does not enable `ssh-agent` or agent forwarding functionality. Therefore, the practical risk is considered very low because the conditions required to trigger this vulnerability are not present by default. This issue is considered low risk, users may evaluate their environments and decide if updating is required.

The Identified Vulnerability Type and Potential Impact

CVE ID	Vulnerability Type	Impact
CVE-2023-38408	CWE-428: Unquoted Search Path or Element	Remote code execution if an agent is forwarded to an attacker-controlled system.

Vulnerability Scoring Details

CVE ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2023-38408	CVSS 3.1: 9.8	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Critical	Yes

CVE ID

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2023-38408

CVSS 3.1: 9.8

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Critical

Yes

CVE-2025-15017: Active Debug Code Vulnerability in Serial Device Servers

Wed, 31 Dec 2025 14:55:36 GMT

This security advisory addresses a vulnerability identified in serial device servers.

CVE-2025-15017

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

Since this issue is considered high severity, users should immediately apply the solutions to mitigate associated security risks.

The Identified Vulnerability Type and Potential Impact

CVE ID	Vulnerability Type	Impact
CVE-2025-15017	CWE-489: Active Debug Code	CAPEC-121: Exploit Non-Production Interfaces

Vulnerability Scoring Details

CVE ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2025-15017	CVSS 4.0: 7.0	AV:P/AC:L/AT:N/PR:N/UI:N/ VC:H/VI:H/VA:H/SC:N/SI:N/SA:N	High	No

CVE ID

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2025-15017

CVSS 4.0: 7.0

AV:P/AC:L/AT:N/PR:N/UI:N/

VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

High

CVE-2025-1977, CVE-2025-2026: Multiple Vulnerabilities in NPort 6100-G2/6200-G2 Series

Wed, 31 Dec 2025 14:36:32 GMT

This security advisory addresses two vulnerabilities identified in NPort 6100-G2/6200-G2 Series.

CVE-2025-1977

The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remotely over the network with low-attack complexity and no user interaction but requires specific system conditions or configurations to be present. Successful exploitation may result in changes to device settings that were not intended to be permitted for the affected user role, potentially leading to a high impact on the confidentiality, integrity, and availability of the device. No impact on other systems has been identified.

CVE-2025-2026

The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition.

Since these issues have high severity, we strongly advise users to immediately apply the solutions to mitigate associated security risks.

The Identified Vulnerability Type and Potential Impact

CVE ID	Vulnerability Type	Impact
CVE-2025-1977	CWE-250: Execution with Unnecessary Privileges	CAPEC-122: Privilege Abuse
CVE-2025-2026	CWE-170: Improper Null Termination	An authenticated remote attacker with web read-only privileges can exploit the vulnerable API to inject malicious input. Successful exploitation may cause the device to reboot, disrupting normal operations and causing a temporary denial of service.

Vulnerability Scoring Details

CVE ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2025-1977	CVSS 4.0: 7.7	AV:N/AC:L/AT:P/PR:L/UI:N/ VC:H/VI:H/VA:H/SC:N/SI:N/SA:N	High	No
CVE-2025-2026	CVSS 4.0: 7.1	AV:N/AC:L/AT:N/PR:L/UI:N/ VC:N/VI:N/VA:H/SC:N/SI:N/SA:N	High	No

CVE ID

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2025-1977

CVSS 4.0: 7.7

AV:N/AC:L/AT:P/PR:L/UI:N/

VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

High

CVE-2025-2026

CVSS 4.0: 7.1

AV:N/AC:L/AT:N/PR:L/UI:N/

VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

High

Security Enhancement: SSH Weak Algorithms Supported

Fri, 12 Dec 2025 10:22:15 GMT

The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all. (Source: Tenable Nessus)

Since this is a medium severity issue, users can assess their environment and schedule the update during the next maintenance or update cycle.

CVE-2025-9315: Unauthenticated Device Registration Vulnerability in MXsecurity Series

Wed, 10 Dec 2025 16:26:19 GMT

This security advisory addresses a vulnerability identified in the MXsecurity Series.

CVE-2025-9315

An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON payload to the device's registration endpoint /api/v1/devices/register, allowing the attacker to register unauthorized devices without authentication. Although exploiting this vulnerability has limited modification of data, there is no impact to the confidentiality and availability of the affected device, as well as no loss of confidentiality, integrity, and availability within any subsequent systems.

Because the vulnerability is assessed as medium severity, users are suggested to evaluate their environment and schedule the update in the next maintenance or update cycle.

The Identified Vulnerability Type and Potential Impact

CVE ID	Vulnerability Type	Impact
CVE-2025-9315	CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes	CAPEC-77: Manipulating User-Controlled Variables

Vulnerability Scoring Details

CVE ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2025-9315	CVSS 4.0: 6.3	AV:N/AC:H/AT:N/PR:N/UI:N/ VC:N/VI:L/VA:N/SC:N/SI:N/SA:N	Medium	Yes

CVE ID

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2025-9315

CVSS 4.0: 6.3

AV:N/AC:H/AT:N/PR:N/UI:N/

VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Medium

Yes

Security Enhancement: Web Application Potentially Vulnerable to Clickjacking

Thu, 27 Nov 2025 16:22:10 GMT

The remote web server does not set an X-Frame-Options response header or a Content-Security-Policy 'frame-ancestors' response header in all content responses. This could expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions. (Source: Tenable Nessus)

Since this is a medium severity issue, users can assess their environment and schedule the update during the next maintenance or update cycle.

Security Enhancement: Web Server Allows Password Auto-Completion

Thu, 27 Nov 2025 16:05:58 GMT

The remote web server contains at least one HTML form field that has an input of type 'password' where 'autocomplete' is not set to 'off'. While this does not represent a risk to this web server per se, it meansusers who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or if their machine is compromised at some point. (Source: Tenable Nessus)

Because the issue is assessed as low severity, users can evaluate their environments and decide if an update is required.

Security Enhancement: Web Server Transmits Cleartext Credentials

Thu, 27 Nov 2025 15:57:36 GMT

The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext. An attacker eavesdropping on the traffic between a web browser and server may obtain logins and passwords of valid users. (Source: Tenable Nessus)

Because the issue has low severity, users can assess their environments and decide if an update is needed.

Security Enhancement: SSL/TLS Weak Key Exchange Supported

Fri, 31 Oct 2025 14:07:30 GMT

The device supports SSL/TLS key exchanges that are cryptographically weaker than recommended. Key exchanges must be recommended by IANA and should provide at least 224 bits of security, which translates to a minimum key size of 2048 bits for Diffie Hellman and RSA key exchanges. (Source: Tenable Nessus)

As this issue is assessed as low severity, users may evaluate their environments and decide if updating is required.

CVE-2025-1679, CVE-2025-1680: Stored Cross-site Scripting (XSS) and Host Header Injection Vulnerabilities in Ethernet Switch

Thu, 23 Oct 2025 21:43:27 GMT

This security advisory addresses two vulnerabilities identified in Moxa’s Ethernet switches.

CVE-2025-1679

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is classified as stored cross-site scripting (XSS); attackers inject malicious scripts into the system, and the scripts persist across sessions. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of availability within any subsequent systems but has some loss of confidentiality and integrity within the subsequent system.

CVE-2025-1680

An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected device’s web service. This vulnerability is classified as Host Header Injection, where invalid Host headers can manipulate to redirect users, forge links, or phishing attacks. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of confidentiality, integrity, and availability within any subsequent systems.

Because the issues are assessed as medium to low severity, users can evaluate their environment and schedule the update in the next maintenance or update cycle.

The Identified Vulnerability Type and Potential Impact

CVE ID	Vulnerability Type	Impact
CVE-2025-1679	CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	CAPEC-63: Cross-Site Scripting (XSS)
CVE-2025-1680	CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data	CAPEC-154: Resource Location Spoofing

Vulnerability Scoring Details

CVE ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2025-1679	CVSS 4.0: 4.8	AV:N/AC:L/AT:N/PR:H/UI:P/ VC:N/VI:N/VA:N/SC:L/SI:L/SA:N	Medium	No
CVE-2025-1680	CVSS 4.0: 0.0	AV:N/AC:L/AT:P/PR:L/UI:P/ VC:N/VI:N/VA:N/SC:N/SI:N/SA:N	Low	No

CVE ID

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2025-1679

CVSS 4.0: 4.8

AV:N/AC:L/AT:N/PR:H/UI:P/

VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Medium

CVE-2025-1680

CVSS 4.0: 0.0

AV:N/AC:L/AT:P/PR:L/UI:P/

VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Low

Security Enhancement: Modbus/TCP Discrete Input Access

Tue, 21 Oct 2025 18:25:42 GMT

Using function code 2, Modbus can read the discrete inputs from a Modbus slave, which is commonly used by SCADA and DCS field devices. Discrete inputs represent binary (i.e boolean) values that often map to switches, relays, or other sensors. A sample of discrete inputs read from the device are provided by the plugin output. The ability to read discrete inputs may help an attacker profile a system. (Source: Tenable Nessus)

As this issue is assessed as medium severity, users may evaluate their environment and schedule the update in the next maintenance or update cycle.

Security Enhancement: Modbus/TCP Device Identification

Tue, 21 Oct 2025 18:22:36 GMT

It is possible to send a Modbus Encapsulated Interface read request with MEI type 14 to get the device's Vendor Name, Product Code, and Major and Minor Revision. If supported, the data can include Vendor URL, Product Name, Model Name, and User Application Name. The alternative is to detect Modbus on valid error responses from a device not supporting the function code 43 and MEI 14. (Source: Tenable Nessus)

As this issue is assessed as medium severity, users may evaluate their environment and schedule the update in the next maintenance or update cycle.

Security Enhancement: SNMP Agent Default Community Name (public)

Tue, 21 Oct 2025 18:18:07 GMT

It is very easily possible to obtain the default community name of the remote SNMP server. An attacker may use this information to gain more knowledge about the remote host, or to change the configuration of the remote system (if the default community allows such modifications). (Source: Tenable Nessus)

As this issue is assessed as high severity, users are strongly advised to immediately apply the solutions to mitigate associated security risks.

Security Enhancement: SSH Weak MAC Algorithms Enabled

Tue, 21 Oct 2025 18:10:51 GMT

The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. (Source: Tenable Nessus)

As this issue is assessed as low severity, users may evaluate their environments and decide if updating is required.

Security Enhancement: SSH Weak Key Exchange Algorithms Enabled

Tue, 21 Oct 2025 18:05:37 GMT

The remote SSH server is configured to allow key exchange algorithms that are considered weak. This is based on the IETF draft document Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) RFC9142. Section 4 lists guidance on key exchange algorithms that should not and must not be enabled. (Source: Tenable Nessus)

As this issue is assessed as low severity, users may evaluate their environments and decide if updating is required.

Security Enhancement: SSH Server CBC Mode Ciphers Enabled

Tue, 21 Oct 2025 17:59:37 GMT

The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. (Source: Tenable Nessus)

As this issue is assessed as low severity, users may evaluate their environments and decide if updating is required.

Security Enhancement: ICMP Timestamp Request Remote Date Disclosure

Tue, 21 Oct 2025 17:48:11 GMT

The product responds to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols. (Source: Tenable Nessus)

As this issue is assessed as low severity, users may evaluate their environments and decide if updating is required.

CVE-2025-6892, CVE-2025-6893, CVE-2025-6894, CVE-2025-6949, CVE-2025-6950: Multiple Vulnerabilities in Network Security Appliances and Routers

Fri, 17 Oct 2025 09:50:17 GMT

This security advisory addresses five vulnerabilities identified in Moxa’s network security appliances and routers.

CVE-2025-6892

An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints, including those intended for administrative functions. This vulnerability can be exploited after a legitimate user has logged in, as the system fails to properly validate session context or privilege boundaries. An attacker may leverage this flaw to perform unauthorized privileged operations. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems.

CVE-2025-6893

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting/data endpoint of the affected device. This flaw allows a low-privileged authenticated user to call the API without the required permissions, thereby gaining the ability to access or modify system configuration data. Successful exploitation may lead to privilege escalation, allowing the attacker to access or modify sensitive system settings. While the overall impact is high, there is no loss of confidentiality or integrity within any subsequent systems.

CVE-2025-6894

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping` function, which is restricted to higher-privileged roles. This vulnerability enables the user to perform internal network reconnaissance, potentially discovering internal hosts or services that would otherwise be inaccessible. Repeated exploitation could lead to minor resource consumption. While the overall impact is limited, it may result in some loss of confidentiality and availability on the affected device. There is no impact on the integrity of the device, and the vulnerability does not affect any subsequent systems.

CVE-2025-6949

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user to create a new administrator account, including accounts with usernames identical to existing users. In certain scenarios, this vulnerability could allow an attacker to gain full administrative control over the affected device, leading to potential account impersonation. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems.

CVE-2025-6950

An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid tokens, thereby bypassing authentication controls and impersonating any user. Exploitation of this vulnerability can result in complete system compromise, enabling unauthorized access, data theft, and full administrative control over the affected device. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems.

Given the severity of these vulnerabilities, users are strongly advised to apply the latest firmware updates immediately to mitigate associated security risks.

The Identified Vulnerability Type and Potential Impact

CVE ID	Vulnerability Type	Impact
CVE-2025-6892	CWE-863: Incorrect Authorization	CAPEC-39: Manipulating Opaque Client-based Data Tokens
CVE-2025-6893	CWE-250: Execution with Unnecessary Privileges	CAPEC-233: Privilege Escalation
CVE-2025-6894	CWE-250: Execution with Unnecessary Privileges	CAPEC-233: Privilege Escalation
CVE-2025-6949	CWE-250: Execution with Unnecessary Privileges	CAPEC-233: Privilege Escalation
CVE-2025-6950	CWE-798: Use of Hard-coded Credentials	CAPEC-37: Retrieve Embedded Sensitive Data

CVE ID

Vulnerability Type

Impact

CVE-2025-6892

CWE-863:

Incorrect Authorization

CAPEC-39:

Manipulating Opaque Client-based Data Tokens

CVE-2025-6893

CWE-250:

Execution with Unnecessary Privileges

CAPEC-233:

Privilege Escalation

CVE-2025-6894

CWE-250:

Execution with Unnecessary Privileges

CAPEC-233:

Privilege Escalation

CVE-2025-6949

CWE-250:

Execution with Unnecessary Privileges

CAPEC-233:

Privilege Escalation

CVE-2025-6950

CWE-798:

Use of Hard-coded Credentials

CAPEC-37:

Retrieve Embedded Sensitive Data

Vulnerability Scoring Details

CVE ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2025-6892	CVSS:4.0: 8.7	AV:N/AC:L/AT:P/PR:N/UI:P/ VC:H/VI:H/VA:H/SC:N/SI:N/SA:H	High	Yes
CVE-2025-6893	CVSS:4.0: 9.3	AV:N/AC:L/AT:N/PR:L/UI:N/ VC:H/VI:H/VA:H/SC:N/SI:N/SA:H	Critical	No
CVE-2025-6894	CVSS:4.0: 5.3	AV:N/AC:L/AT:N/PR:L/UI:N/ VC:L/VI:N/VA:L/SC:N/SI:N/SA:N	Medium	No
CVE-2025-6949	CVSS:4.0: 9.3	AV:N/AC:L/AT:N/PR:L/UI:N/ VC:H/VI:H/VA:H/SC:N/SI:N/SA:H	Critical	No
CVE-2025-6950	CVSS:4.0: 9.9	AV:N/AC:L/AT:N/PR:N/UI:N/ VC:H/VI:H/VA:H/SC:N/SI:N/SA:H	Critical	Yes

Security Enhancement: SSH Known Hard Coded Private Keys

Thu, 09 Oct 2025 11:49:43 GMT

The product is running a service that is using a publicly known SSH private key. An attacker may use this key to decrypt intercepted traffic between users and the device. A remote attacker can also perform a man-in-the-middle attack in order to gain access to the system or modify data in transit.

(Source: Tenable Nessus)

To enhance the security of the product, users should implement appropriate mitigations or solutions to avoid potential security issue.

Security Enhancement: SSL Medium Strength Cipher Suites Supported (SWEET32)

Thu, 09 Oct 2025 11:37:40 GMT

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to get cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, also known as a "Sweet32" attack.

(Source: CVE-2016-2183)

To enhance the security of the product, users should implement appropriate mitigations or solutions to avoid potential security issue.

CVE-2025-5191: Unquoted Search Path Vulnerability in the Utility for Industrial Computers (Windows)

Mon, 25 Aug 2025 12:03:32 GMT

This security advisory addresses one vulnerability identified in the utility for Moxa’s industrial computers (Windows).

CVE-2025-5191

An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a malicious executable in a higher-priority directory within the search path. When the Serial Interface service starts, the malicious executable could be run with SYSTEM privileges. Successful exploitation could allow privilege escalation or enable an attacker to maintain persistence on the affected system. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality, integrity, or availability within any subsequent systems.

Given the severity of the vulnerability, users are strongly advised to immediately apply the latest version of the utility that includes a fix for this issue to mitigate associated security risks.

The Identified Vulnerability Type and Potential Impact

CVE ID	Vulnerability Type	Impact
CVE-2025-5191	CWE-428: Unquoted Search Path or Element	CAPEC-233: Privilege Escalation

Vulnerability Scoring Details

CVE ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2025-5191	CVSS:4.0: 7.3	AV:L/AC:L/AT:P/PR:L/UI:N/ VC:H/VI:H/VA:H/SC:N/SI:N/SA:N	High	No

CVE ID

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2025-5191

CVSS:4.0: 7.3

AV:L/AC:L/AT:P/PR:L/UI:N/

VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

High

CVE-2002-20001: Resource Exhaustion Vulnerability in Diffie-Hellman Key Exchange Protocol

Mon, 02 Jun 2025 17:18:35 GMT

A resource exhaustion vulnerability, CVE-2002-20001, exists in the implementation of the Diffie-Hellman key exchange protocol.

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys and trigger expensive server-side DHE modular-exponentiation calculations, also known as a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive where a client can require a server to select its largest supported key size. The basic attack scenario requires the client to claim DHE-only communication capabilities, and the server must be configured to permit DHE.

This vulnerability affects any product or service that accepts DHE cipher suites. To mitigate the risk, Moxa has released solutions for the affected products. We recommend applying the appropriate solutions immediately.

The Identified Vulnerability Type and Potential Impact

CVE ID	Vulnerability Type	Impact
CVE-2002-20001	CWE-400: Uncontrolled Resource Consumption	An attacker can force the server to perform high-cost modular exponentiation operations. This leads to significant CPU usage on the server side, potentially degrading service availability or resulting in a complete denial of service.

Vulnerability Scoring Details

CVE ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2002-20001	CVSS:3.1: 7.5	AV:N/AC:L/PR:N/UI:N/S:U/ C:N/I:N/A:H	High	Yes

CVE ID

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2002-20001

CVSS:3.1: 7.5

AV:N/AC:L/PR:N/UI:N/S:U/ C:N/I:N/A:H

High

Yes

CVE-2025-0415: Command Injection Leading to Denial-of-Service in Secure Routers, Cellular Routers, and Network Security Appliances

Wed, 02 Apr 2025 14:00:00 GMT

Multiple Moxa secure routers, cellular routers, and network security appliances are affected by a critical-severity vulnerability, CVE-2025-0415, which could allow an authenticated with administrative access to the web interface to execute arbitrary system commands on affected devices.

To mitigate these risks, Moxa has released solutions for the affected products. It is strongly recommended to update to the latest version as soon as possible.

The identified vulnerability types and potential impacts are listed below:

CVE ID	Vulnerability Type	Impact
CVE-2025-0415	CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, resulting in a complete loss of connectivity for downstream systems that depend on its network services.

Vulnerability Scoring Details

ID	Base Score	Vector	Unauthenticated Remote Exploits
CVE-2025-0415	CVSS 4.0: 9.2	AV:N/AC:L/AT:N/PR:H/UI:N/ VC:H/VI:H/VA:H/SC:N/SI:N/SA:H	No

Base Score

Vector

Unauthenticated

Remote Exploits

CVE-2025-0415

CVSS 4.0: 9.2

AV:N/AC:L/AT:N/PR:H/UI:N/

VC:H/VI:H/VA:H/SC:N/SI:N/SA:H

CVE-2025-0676: Command Injection Leading to Privilege Escalation in Secure Routers, Cellular Routers, Network Security Appliances

Wed, 02 Apr 2025 14:00:00 GMT

Multiple Moxa secure routers, cellular routers, and network security appliances are affected by a high-severity vulnerability, CVE-2025-0676, which could allow attackers to execute arbitrary systems commands and gain root-level access.

To mitigate these risks, Moxa has released solutions for the affected products. It is strongly recommended to update to the latest version as soon as possible.

The identified vulnerability types and potential impacts are listed below:

CVE ID	Vulnerability Type	Impact
CVE-2025-0676	CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity.

Vulnerability Scoring Details

ID	Base Score	Vector	Unauthenticated Remote Exploits
CVE-2025-0676	CVSS 4.0: 8.6	AV:N/AC:L/AT:N/PR:H/UI:N/ VC:H/VI:H/VA:H/SC:N/SI:N/SA:N	No

Base Score

Vector

Unauthenticated Remote Exploits

CVE-2025-0676

CVSS 4.0: 8.6

AV:N/AC:L/AT:N/PR:H/UI:N/

VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2024-12297: Frontend Authorization Logic Disclosure Vulnerability Identified in PT Switches

Thu, 06 Mar 2025 16:20:20 GMT

Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their authorization mechanism. Despite client-side and back-end server verification, attackers can exploit weaknesses in its implementation. This vulnerability may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.

The Identified Vulnerability Type and Potential Impact

Item	Vulnerability Type	Impact
1	CWE-656: Reliance on Security Through Obscurity (CVE-2024-12297)	Exploitation of this vulnerability could allow attackers to bypass authentication, perform brute-force or MD5 collision attacks, and gain unauthorized access to sensitive configurations or disrupt services.

Vulnerability Scoring Details

ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2024-12297	CVSS 4.0: 9.2	AV:N/AC:L/AT:P/PR:N/UI:N/ VC:H/VI:H/VA:H/SC:L/SI:L/SA:L	Critical	Yes

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2024-12297

CVSS 4.0: 9.2

AV:N/AC:L/AT:P/PR:N/UI:N/

VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Critical

Yes

CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in EN 50155 Switches

Sat, 22 Feb 2025 22:34:45 GMT

EN 50155 Switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows writing data beyond buffer boundaries. Successful exploitation could result in a denial-of-service (DoS) attack.

This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Given the severity of this issue, immediate action is strongly recommended to mitigate potential exploitation.

The Identified Vulnerability Type and Potential Impact

Item	Vulnerability Type	Impact
1	Out-of-bounds Write (CWE-787) CVE-2024-7695	An out-of-bounds write vulnerability caused by insufficient input validation allows attackers to overwrite memory beyond the buffer’s bounds. Successful exploitation of this vulnerability could lead to a denial-of-service (DoS) condition, disrupting normal operations.

Item

Vulnerability Type

Impact

Out-of-bounds Write (CWE-787)

CVE-2024-7695

An out-of-bounds write vulnerability caused by insufficient input validation allows attackers to overwrite memory beyond the buffer’s bounds. Successful exploitation of this vulnerability could lead to a denial-of-service (DoS) condition, disrupting normal operations.

Vulnerability Scoring Details

ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2024-7695	CVSS 3.1: 7.5	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	High	Yes
CVSS 4.0: 8.7	AV:N/AC:L/AT:N/PR:N/UI:N/ VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2024-7695

CVSS 3.1: 7.5

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

High

Yes

CVSS 4.0: 8.7

AV:N/AC:L/AT:N/PR:N/UI:N/

VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Note: This advisory uses CVSS 3.1 as the standard for determining severity levels. CVSS 4.0 is provided as a reference metric for comparison.

CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple PT Switches

Wed, 19 Feb 2025 21:19:32 GMT

Multiple PT switches are affected by a high-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a system or service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment purposes. Due to insufficient input validation, this service can be exploited to trigger a cold start or denial-of-service condition.

The Identified Vulnerability Type and Potential Impact

Item	Vulnerability Type	Impact
1	CWE-1287: Improper Validation of Specified Type of Input (CVE-2024-9404)	This vulnerability (CVE-2024-9404) could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.

Vulnerability Scoring Details

ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2024-9404	CVSS 3.1: 7.5	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	High	Yes
CVSS 4.0: 8.7	AV:N/AC:L/AT:N/PR:N/UI:N/ VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2024-9404

CVSS 3.1: 7.5

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

High

Yes

CVSS 4.0: 8.7

AV:N/AC:L/AT:N/PR:N/UI:N/

VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Note: This advisory uses CVSS 3.1 as the standard for determining severity levels. CVSS 4.0 is provided as a reference metric for comparison.

CVE-2024-7695: Out-of-bounds Write Vulnerability in Multiple EDS, ICS, IKS, and SDS Switches

Fri, 07 Feb 2025 14:00:00 GMT

Multiple Moxa EDS, ICS, IKS, and SDS switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows writing data beyond buffer boundaries. Successful exploitation could result in a denial-of-service (DoS) attack.

This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent its potential exploitation.

The Identified Vulnerability Type and Potential Impact

Vulnerability Type	Impact
Out-of-bounds Write (CWE-787) CVE-2024-7695	An out-of-bounds write vulnerability caused by insufficient input validation allows attackers to overwrite memory beyond the buffer’s bounds. Successful exploitation of this vulnerability could lead to a denial-of-service (DoS) condition, disrupting normal operations.

Vulnerability Type

Impact

Out-of-bounds Write (CWE-787)

CVE-2024-7695

Vulnerability Scoring Details

ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2024-7695	CVSS 3.1: 7.5	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	High	Yes
CVSS 4.0: 8.7	AV:N/AC:L/AT:N/PR:N/UI:N/ VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2024-7695

CVSS 3.1: 7.5

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

High

Yes

CVSS 4.0: 8.7

AV:N/AC:L/AT:N/PR:N/UI:N/

VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Note: This advisory uses CVSS 3.1 as the standard for determining severity levels. CVSS 4.0 is provided as a reference metric for comparison.

CVE-2024-9404: Denial-of-Service Vulnerability Identified in Multiple EDS, ICS, IKS, and SDS Switches

Fri, 07 Feb 2025 14:00:00 GMT

Multiple Moxa EDS, ICS, IKS, and SDS switches are affected by a high-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a system or service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment purposes. Due to insufficient input validation, this service can be exploited to trigger a cold start or denial-of-service condition.

This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent its potential exploitation.

The Identified Vulnerability Type and Potential Impact

Vulnerability Type	Impact
CWE-1287: Improper Validation of Specified Type of Input (CVE-2024-9404)	This vulnerability (CVE-2024-9404) could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.

Vulnerability Scoring Details

ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2024-9404	CVSS 3.1: 7.5	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	High	Yes
CVSS 4.0: 8.7	AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2024-9404

CVSS 3.1: 7.5

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

High

Yes

CVSS 4.0: 8.7

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Note: This advisory uses CVSS 3.1 as the standard for determining severity levels. CVSS 4.0 is provided as a reference metric for comparison.

CVE-2024-7695: Out-of-bounds Write Vulnerability Identified in Multiple PT Switches

Wed, 29 Jan 2025 15:11:32 GMT

Multiple PT switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack.

This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent its potential exploitation.

The Identified Vulnerability Type and Potential Impact

Item	Vulnerability Type	Impact
1	Out-of-bounds Write (CWE-787) CVE-2024-7695	An out-of-bounds write vulnerability caused by insufficient input validation allows attackers to overwrite memory beyond the buffer’s bounds. Successful exploitation of this vulnerability could lead to a denial-of-service (DoS) condition, disrupting normal operations.

Item

Vulnerability Type

Impact

Out-of-bounds Write (CWE-787)

CVE-2024-7695

Vulnerability Scoring Details

ID	Base Score	Vector	Severity	Unauthenticated Remote Exploits
CVE-2024-7695	CVSS 3.1: 7.5	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	High	Yes
CVSS 4.0: 8.7	AV:N/AC:L/AT:N/PR:N/UI:N/ VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Base Score

Vector

Severity

Unauthenticated

Remote Exploits

CVE-2024-7695

CVSS 3.1: 7.5

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

High

Yes

CVSS 4.0: 8.7

AV:N/AC:L/AT:N/PR:N/UI:N/

VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Note: This advisory uses CVSS 3.1 as the standard for determining severity levels. CVSS 4.0 is provided as a reference metric for comparison.

CVE-2024-9137: Missing Authentication Vulnerability in Ethernet Switches

Fri, 17 Jan 2025 08:24:28 GMT

Moxa’s Ethernet switches are affected by a critical vulnerability, CVE-2024-9137, which could result in unauthorized access and system compromise. This vulnerability allows attackers to manipulate device configurations without requiring authentication. Given the significant security risks, immediate action is strongly recommended to mitigate potential exploitation.

The identified vulnerability types and potential impacts are listed below:

Item	Vulnerability Type	Impact
1	CWE-306: Missing Authentication for Critical Function (CVE-2024-9137)	The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

Vulnerability Scoring Details

ID	Base Score	Vector	Unauthenticated Remote Exploits
CVE-2024-9137	CVSS 3.1: 9.4	AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H	Yes
CVE-2024-9137	CVSS 4.0: 8.8	AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N	Yes

Note: This advisory uses CVSS 3.1 as the standard for determining severity levels. CVSS 4.0 is provided as a reference metric for comparison.

CVE-2025-0193: Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series

Wed, 15 Jan 2025 18:48:09 GMT

A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the "Login Message" functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are continuously stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions or other impacts, depending on the user's privileges.

The Identified Vulnerability Type and Potential Impact

Item	Vulnerability Type	Impact
1	CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2025-0193)	Exploitation of this vulnerability may result in unauthorized actions or other impacts, depending on the user's privileges.

Vulnerability Scoring Details

ID	CVSS	Vector	Severity	Unauthenticated Remote Exploit
CVE-2025-0193	CVSS 4.0: 5.2	AV:N/AC:H/AT:N/PR:H/UI:P/ VC:N/VI:N/VA:N/SC:H/SI:H/SA:H	Medium	No

CVSS

Vector

Severity

Unauthenticated

Remote Exploit

CVE-2025-0193

CVSS 4.0: 5.2

AV:N/AC:H/AT:N/PR:H/UI:P/

VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Medium

CVE-2024-12297: Frontend Authorization Logic Disclosure Vulnerability in EDS-508A Series

Wed, 15 Jan 2025 14:30:00 GMT

Moxa’s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.

The identified vulnerability types and potential impacts are listed below:

Item	Vulnerability Type	Impact
1	CWE-656: Reliance on Security Through Obscurity (CVE-2024-12297)	Exploitation of this vulnerability could allow attackers to bypass authentication, perform brute-force or MD5 collision attacks, and gain unauthorized access to sensitive configurations or disrupt services.

Vulnerability Scoring Details

ID	Base Score	Vector	Unauthenticated Remote Exploits
CVE-2024-12297	9.2	AV:N/AC:L/AT:P/PR:N/UI:N/ VC:H/VI:H/VA:H/SC:L/SI:L/SA:L	Yes

Base Score

Vector

Unauthenticated Remote Exploits

CVE-2024-12297

9.2

AV:N/AC:L/AT:P/PR:N/UI:N/

VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Yes

Security Enhancements for PT-7528/7728/7828 Series – SNMP, Telnet, and SSL Certificate

Thu, 09 Jan 2025 19:12:59 GMT

To enhance the security of the product, users of PT-7528/7728/7828 Series should implement the mitigations described in User Manuel v9.9 to avoid the following security issues:

SNMP

SNMP Agent Default Community Name (public)
SNMP ‘GETBULK’ Reflection DDoS

Telnet

Unencrypted Telnet Server

SSL Certificate

SSL Certificate Cannot Be Trusted
SSL Certificate Chain Contains RSA Keys Less Than 2048 Bits

Privilege Escalation and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances

Fri, 03 Jan 2025 14:28:46 GMT

Moxa’s cellular routers, secure routers, and network security appliances are affected by two critical vulnerabilities that pose a significant security risk.

CVE-2024-9138: This vulnerability involves hard-coded credentials, which could allow an authenticated user to escalate privileges and gain root-level access to the system.
CVE-2024-9140: This vulnerability allows attackers to exploit special characters to bypass input restrictions, potentially leading to unauthorized command execution.

Immediate action is strongly recommended to prevent potential exploitation and mitigate these risks.

The identified vulnerability types and potential impacts are listed below:

Item	Vulnerability Type	Impact
1	CWE-656: Reliance on Security Through Obscurity (CVE-2024-9138)	Exploitation of hard-coded credentials could allow an authenticated user to gain root-level access, leading to system compromise, unauthorized modifications, data exposure, or service disruption.
2	CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) (CVE-2024-9140)	The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.

Vulnerability Scoring Details

ID	Base Score	Vector	Unauthenticated Remote Exploits
CVE-2024-9138	CVSS 3.1: 7.2	AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	No
CVE-2024-9138	CVSS 4.0: 8.6	AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N	No
CVE-2024-9140	CVSS 3.1: 9.8	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Yes
CVE-2024-9140	CVSS 4.0: 9.3	AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N	Yes

Note: This advisory uses CVSS 3.1 as the standard for determining severity levels. CVSS 4.0 is provided as a reference metric for comparison.

TN-G4500 Series Cryptographic Algorithm Security Enhancement

Mon, 30 Dec 2024 09:39:37 GMT

Security Enhancement

TN-G4500 Series has enhanced its cryptographic algorithm and cipher suite.

CVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series

Wed, 04 Dec 2024 11:30:39 GMT

Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service.

This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent potential exploitation.

The Identified Vulnerability Type and Potential Impact

Item	Vulnerability Type	Impact
1	CWE-1287: Improper Validation of Specified Type of Input (CVE-2024-9404)	This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentically allowing attackers to shut down affected systems.

Vulnerability Scoring Details

ID	Base Score	Vector	Unauthenticated Remote Exploits
CVE-2024-9404	CVSS 4.0: 6.9	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	Yes
CVE-2024-9404	CVSS 3.1: 5.3	AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N	Yes

Security Enhancements in the EDS-P510 Series - Modbus/TCP Access, Device Identification, and Unencrypted Telnet Server

Fri, 08 Nov 2024 08:11:56 GMT

The EDS-P510 Series has been enhanced to address several key vulnerabilities:

Modbus/TCP Coil Access: Attackers could read and analyze coil settings, which may allow them to alter device functions in SCADA and DCS environments.
Modbus/TCP Device Identification: Attackers could retrieve device details via Modbus MEI read requests, potentially exposing Vendor Name, Product Code, and other identifying information.
Unencrypted Telnet Server: Using Telnet over an unencrypted channel can expose sensitive information, such as credentials, to interception. SSH is recommended as a secure alternative.

These updates aim to improve the EDS-P510 Series’ resilience against vulnerabilities, thereby enhancing its overall security.

Vulnerability Scoring Details

Vulnerability	Base Score	Vector	Unauthenticated Remote Exploits
Modbus/TCP Device Identification	CVSS 3.1: 5.8	AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N	Yes
Modbus/TCP Coil Access	CVSS 3.1: 5.3	AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	Yes
Unencrypted Telnet Server	CVSS 3.1: 6.5	AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	Yes

Vulnerabilities Identified in MDS-G4028-L3 Series and EDS-G512E - SSH Prefix Truncation, EOL Nginx Software, and Weak SSL/TLS Key Exchange

Mon, 04 Nov 2024 09:06:29 GMT

The MDS-G4028-L3 series and EDS-G512E series are affected by vulnerabilities that pose potential security risks. The MDS-G4028-L3 series is vulnerable to CVE-2023-48795, which could allow unauthorized access, as well as an outdated version of Nginx (CVE-2021-23017, CVE-2021-3618, and CVE-2019-20372), exposing it to unpatched threats. The EDS-G512E series is impacted by a weak SSL/TLS key exchange, which could compromise encrypted communications and potentially allow data interception.

The identified vulnerability types and potential impacts are listed below:

Item	Vulnerability Type	Impact
1	CWE-354 Improper Validation of Integrity Check Value (CVE-2023-48795)	Integrity checks usually use a secret key that helps authenticate the data origin. Skipping integrity checking generally opens up the possibility that new data from an invalid source can be injected.
2	CWE-193 Off-by-one Error (CVE-2021-23017)	This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
3	CWE-295 Improper Certificate Validation (CVE-2021-3618)	Bypass protection mechanism or gain privileges or assume identity.
4	CWE-444 Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’) (CVE-2019-20372)	An attacker could create HTTP messages to exploit a number of weaknesses including 1) the message can trick the web server to associate a URL with another URL's webpage and caching the contents of the webpage (web cache poisoning attack), 2) the message can be structured to bypass the firewall protection mechanisms and gain unauthorized access to a web application, and 3) the message can invoke a script or a page that returns client credentials (similar to a Cross Site Scripting attack).
5	CWE-326: Inadequate Encryption Strength	An attacker may be able to decrypt the data using brute force attacks.

Vulnerability Scoring Details

ID	Base Score	Vector	Unauthenticated Remote Exploits
CVE-2023-48795	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	Yes
CVE-2021-23017	7.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L	Yes
CVE-2021-3618	7.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N	Yes
CVE-2019-20372	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	Yes

Multiple Moxa Ethernet Switches Affected by CVE-2023-48795 and CVE-2019-20372

Fri, 01 Nov 2024 08:47:52 GMT

Multiple Moxa Ethernet switches are affected by the CVE-2023-48795 and CVE-2019-20372 vulnerabilities. These vulnerabilities pose potential security risks that could impact the integrity and functionality of the affected products.

The identified vulnerability types and potential impacts are listed below:

Item	Vulnerability Type	Impact
1	Improper Validation of Integrity Check Value (CWE-354) CVE-2023-48795	This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.
2	Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’) (CWE-444) CVE-2019-20372	This can allow HTTP request smuggling, leading to unauthorized access to web pages, bypassing security controls, and potential for further attacks.

Item

Vulnerability Type

Impact

Improper Validation of Integrity Check Value (CWE-354)

CVE-2023-48795

This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.

Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’) (CWE-444)

CVE-2019-20372

This can allow HTTP request smuggling, leading to unauthorized access to web pages, bypassing security controls, and potential for further attacks.

Vulnerability Scoring Details

ID	CVSS	Vector	Unauthenticated Remote Exploits
CVE-2023-48795	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	Yes
CVE-2019-20372	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	Yes

NE-4100 Series and MiiNePort Series Affected by CVE-2016-9361

Mon, 21 Oct 2024 21:44:38 GMT

This security advisory addresses CVE-2016-9361 affecting the NE-4100 Series, MiiNePort E1 Series, MiiNePort E2 Series, and MiiNePort E3 Series. The vulnerability allows an attacker to retrieve administration passwords without proper authentication. This flaw potentially compromises the security of the affected devices by enabling unauthorized access to administrative controls, allowing malicious actors to alter configurations or disrupt operations.

The Identified Vulnerability Type and Potential Impact

Item

Vulnerability Type

Impact

Improper Authentication (CWE-287)

CVE-2016-9361

The administration passwords can be retried without authenticating

Vulnerability Scoring Details

CVSS v3.0

Vector

Severity

Unauthenticated

Remote Exploit

CVE-2016-9361

9.8

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Critical

Yes

MXsecurity Series Multiple Vulnerabilities

Fri, 18 Oct 2024 15:56:21 GMT

MXsecurity Series version 1.1.0 and prior are affected by two vulnerabilities.

CVE-2024-4739

The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.

CVE-2024-4740

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.

The identified vulnerability types and potential impacts are shown below:

Item

Vulnerability Type

Impact

Exposed Dangerous Method or Function (CWE-749)

CVE-2024-4739

An attacker could gain access to the resource.

Use of Hard-coded Credentials (CWE-798)

CVE-2024-4740

An attacker could tamper with sensitive data.

Vulnerability Scoring Details

CVSS v3.1

Vector

Severity

Unauthenticated

Remote Exploit

CVE-2024-4739

5.3

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Yes

CVE-2024-4740

5.3

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Medium

Yes

Missing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances

Mon, 14 Oct 2024 15:28:57 GMT

Moxa’s cellular routers, secure routers, and network security appliances are affected by two critical vulnerabilities that could lead to unauthorized access and system compromise. The first vulnerability, CVE-2024-9137, allows attackers to manipulate device configurations without authentication. The second vulnerability, CVE-2024-9139, permits OS command injection through improperly restricted commands, potentially enabling attackers to execute arbitrary codes. These vulnerabilities pose a significant security risk, and it is highly recommended to take immediate action in order to prevent potential exploitation.

The identified vulnerability types and potential impacts are listed below:

Item

Vulnerability Type

Impact

CWE-306: Missing Authentication for Critical Function

(CVE-2024-9137)

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

(CVE-2024-9139)

The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.

Vulnerability Scoring Details

ID	CVSS	Vector	Unauthenticated Remote Exploits
CVE-2024-9137	CVSS 3.1: 9.4	AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H	Yes
CVE-2024-9137	CVSS 4.0: 8.8	AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N	Yes
CVE-2024-9139	CVSS 3.1: 7.2	AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	No
CVE-2024-9139	CVSS 4.0: 8.6	AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N	No

TN-5900 Series Affected by Multiple OpenSSL Vulnerabilities

Fri, 04 Oct 2024 18:41:22 GMT

This security advisory addresses multiple OpenSSL vulnerabilities affecting the TN-5900 Series, specifically CVE-2022-4304, CVE-2023-0215, and CVE-2023-0286. These vulnerabilities pose significant security risks, including potential plaintext recovery through timing-based side-channel attacks, improper memory management leading to memory corruption, and type confusion vulnerabilities that could allow unauthorized memory access or denial of service attacks.

The Identified Vulnerability Type and Potential Impact

Item	Vulnerability Type	Impact
1	Observable Discrepancy (CWE-203) CVE-2022-4304	After a sufficiently large number of messages, the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.
2	Use After Free (CWE-416) CVE-2023-0215	If the caller then calls BIO_pop() on the BIO, a use-after-free will occur. This will most likely result in a crash.
3	Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843) CVE-2023-0286	This vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service.

Vulnerability Scoring Details

Base

Score

CVSS:3.1 Vector

Severity

Unauthenticated

Remote Exploit

CVE-2022-4304

5.9

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Medium

Yes

CVE-2023-0215

7.5

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

High

Yes

CVE-2023-0286

7.4

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

High

Yes

Multiple Vulnerabilities in MXview One and MXview One Central Manager Series

Sat, 21 Sep 2024 13:30:00 GMT

The impact of CVE-2024-6785, CVE-2024-6786, and CVE-2024-6787 vulnerabilities is detailed in this advisory. These vulnerabilities lead to various attacks, including the exposure of local credentials and arbitrary file writing to the system via the Message Queuing Telemetry Transport (MQTT) protocol. The affected products are MXview One and MXview One Central Manager Series. 

The identified vulnerability types and potential impacts are listed below:

Item	Vulnerability Type	Impact
1	CWE-313: Cleartext Storage in a File or on Disk (*CVE-2024-6785)	The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused because of sensitive information exposure.
2	CWE-24: Path Traversal: ‘../filedir’ (*CVE-2024-6786)	The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.
3	CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition (*CVE-2024-6787)	This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses.

Note: An asterisk (*) in the table above indicates newly assigned Common Vulnerabilities and Exposures (CVE) identifiers.

Vulnerability Scoring Details

ID	Base Score	Vector	Unauthenticated Remote Exploits
CVE-2024-6785	CVSS 3.1: 5.5	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	No
CVE-2024-6785	CVSS 4.0: 6.8	AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N	No
CVE-2024-6786	CVSS 3.1: 6.5	AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	No
CVE-2024-6786	CVSS 4.0: 6.0	AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N	No
CVE-2024-6787	CVSS 3.1: 5.3	AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N	No
CVE-2024-6787	CVSS 4.0: 6.0	AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N	No

OnCell 3120-LTE-1 Series Multiple Vulnerabilities

Wed, 04 Sep 2024 18:17:21 GMT

OnCell 3120-LTE-1 Series firmware version 2.3 and prior are affected by multiple vulnerabilities in the old version of jQuery. These vulnerabilities could put your security at risk in many ways, such as Cross-site Scripting (XSS) attacks and prototype pollution.

The identified vulnerability types and potential impacts are listed below:

Item	Vulnerability Type	Impact
1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) CVE-2020-7656, CVE-2020-11022, CVE-2020-11023 (jQuery)	An attacker located remotely can insert HTML or JavaScript into the system via a web interface.
2	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) CVE-2019-11358 (jQuery)	An attacker can inject attributes that are used in other components.

Vulnerability Scoring Details

ID	CVSS	v3.1 Vector	Unauthenticated Remote Exploit
CVE-2019-11358	6.1	AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	Yes
CVE-2020-7656	6.1	AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	Yes
CVE-2020-11022	6.1	AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	Yes
CVE-2020-11023	6.1	AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	Yes

Multiple Moxa Product Series Affected by CVE-2024-6387

Fri, 02 Aug 2024 14:00:00 GMT

Multiple Moxa products are affected by the CVE-2024-6387 OpenSSH vulnerability. CVE-2024-6387 is a remote unauthenticated code execution vulnerability in OpenSSH, specifically related to a race condition in the OpenSSH server (sshd). The issue arises when a client fails to authenticate within the LoginGraceTime period (default is 120 seconds, or 600 seconds in older OpenSSH versions). In this case, the sshd’s SIGALRM signal handler is invoked asynchronously. However, this signal handler calls several functions that are unsafe to use in asynchronous signal contexts, such as syslog().

The identified vulnerability types and potential impacts are listed below:

Item

Vulnerability Type

Impact

Signal Handler Race Condition (CWE-364)

CVE-2024-6387

This vulnerability allows attackers to execute arbitrary code with root privileges on vulnerable systems without authentication.

Vulnerability Scoring Details

ID	CVSS	Vector	Unauthenticated Remote Exploit
CVE-2024-6387	8.8	AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	Yes

EDS-510A Series SSH Cryptographic Algorithm Security Enhancement

Tue, 30 Jul 2024 19:33:29 GMT

The EDS-510A Series has enhanced its SSH cryptographic algorithms, including cryptographic key and cipher suites.

Multiple Moxa Product Series Affected by Linux Kernel Memory Double Free Vulnerability

Wed, 10 Jul 2024 22:52:18 GMT

Multiple Moxa product series are affected by the Linux kernel memory double free vulnerability. A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component could be exploited to achieve a system crash and local privilege escalation.

The identified vulnerability types and potential impacts are shown below:

Item

Vulnerability Type

Impact

Use After Free (CWE-416)

CVE-2024-1086

An attacker could exploit the vulnerability to achieve local privilege escalation or cause a system crash

Vulnerability Scoring Details

ID	CVSS	Vector	Unauthenticated Remote Exploit
CVE-2024-1086	7.8	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	No

EDS-405A/408A Series Multiple Web Vulnerabilities

Thu, 27 Jun 2024 10:07:37 GMT

Multiple web server vulnerabilities affect EDS-405A version 3.5 and earlier, as well as EDS-408A Series version 3.6 and earlier. These vulnerabilities arise from insufficient input validation and improper privilege management. An attacker could exploit these vulnerabilities by sending crafted HTTP input to the web service. Successful exploitation could lead to a denial-of-service attack, remote code execution, and privilege escalation.

The identified vulnerability types and potential impacts are shown below:

Item

Vulnerability Type

Impact

Improper Privilege Management (CWE-269)

CVE-2015-6464

An attacker could send crafted input to escalate privileges.

Uncontrolled Resource Exhaustion (CWE-400)

CVE-2015-6465

The embedded GoAhead web server running on the EDS-405A and EDS-408A is vulnerable to a denial-of-service attack.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

CVE-2015-6466

An input field in the administrative web interface lacks input validation, which could be abused to inject JavaScript code.

Vulnerability Scoring Details

ID	CVSS v2.0	Vector	Unauthenticated Remote Exploit
CVE-2015-6464	8.2	AV:N/AC:L/Au:S/C:N/I:C/A:C	No
CVE-2015-6465	6.8	AV:N/AC:L/Au:S/C:N/I:N/A:C	No
CVE-2015-6466	4.3	AV:N/AC:M/Au:N/C:N/I:P/A:N	Yes

AWK-3131A Series Industrial AP/Bridge/Client Vulnerabilities

Tue, 25 Jun 2024 16:09:59 GMT

Multiple product vulnerabilities were identified in Moxa’s AWK-3131A industrial AP/Bridge/Client Series. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Access Control (CWE-284) CVE-2019-5136 / TALOS-2019-0925	Improper system access as a higher privilege user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
2	Use of Hard-coded Cryptographic Key (CWE-321) CVE-2019-5137 / TALOS-2019-0926	Exploitable Hard-coded Cryptographic Key allows for the decryption of captured traffic.
3	Improper Neutralization of Special Elements used in an OS Command (CWE-78) CVE-2019-5138 / TALOS-2019-0927	Remote Command Injection to gain control over a device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
4	Use of Hard-coded Credentials (CWE-798) CVE-2019-5139 / TALOS-2019-0928	Exploitable hard-coded credentials.
5	Improper Neutralization of Special Elements used in an OS Command (CWE-78) CVE-2019-5140 / TALOS-2019-0929	Remote Command Injection to gain control over a device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
6	Improper Neutralization of Special Elements used in an OS Command (CWE-78) CVE-2019-5141 / TALOS-2019-0930	Remote Command Injection to gain control over a device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
7	Improper Neutralization of Special Elements used in an OS Command (CWE-78) CVE-2019-5142 / TALOS-2019-0931	Remote Command Injection to gain control over a device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
8	Buffer Copy without Checking Size of Input (CWE-120) CVE-2019-5143 / TALOS-2019-0932	This vulnerability may cause remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
9	Out-of-bounds Read (CWE-125) CVE-2019-5148 / TALOS-2019-0938	An attacker can send a crafted packet and cause denial-of-service of the device.
10	Stack-based Buffer Overflow (CWE-121) CVE-2019-5153 / TALOS-2019-0944	This vulnerability may cause remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
11	Improper Access Control (CWE-284) CVE-2019-5162 / TALOS-2019-0955	Improper remote shell access to the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
12	Authentication Bypass Using an Alternate Path or Channel (CWE-288) CVE-2019-5165 / TALOS-2019-0960	An exploitable authentication bypass vulnerability. Attacker can trigger authentication bypass on specially configured device.

OnCell G3470A-LTE Series Multiple Web Application Vulnerabilities

Fri, 21 Jun 2024 16:49:05 GMT

Multiple web server vulnerabilities have been found in the OnCell G3470A-LTE Series version 1.7.7 and prior. These vulnerabilities stem from insufficient input validation and trust in the format string from an external source. An attacker could exploit these vulnerabilities by sending crafted input to the web service. Successful exploitation of these vulnerabilities could lead to a denial-of-service attack, remote code execution, and information disclosure.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper neutralization of special elements used in a command (CWE-77) CVE-2024-4638	An attacker can execute unauthorized commands.
2	Improper neutralization of special elements used in a command (CWE-77) CVE-2024-4639	Malicious users can execute unauthorized commands.
3	Buffercopy without checking size of input (Classic Buffer Overflow)(CWE-120) CVE-2024-4640	An attacker can write past the boundaries of allocated buffer regions in the memory, causing a program crash.
4	Use of externally-controlled format string (CWE-134) CVE-2024-4641	An attacker could change an externally controlled format string to cause a memory leak and denial-of-service attack.

Vulnerability Scoring Details

ID	CVSS	Vector	Remote Exploit without Auth?
CVE-2024-4638	7.1	AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N	No
CVE-2024-4639	7.1	AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N	No
CVE-2024-4640	7.1	AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H	No
CVE-2024-4641	6.3	AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	No

Multiple UC Series IPC SSH Vulnerability

Thu, 20 Jun 2024 18:51:00 GMT

Multiple UC series IPC are affected by CVE-2023-48795. These vulnerabilities are caused by insufficient integrity checks of packets during a handshake. An attacker in a network position between the client and server could omit some negotiation message, forcing to downgrade or disable some security features without detection. This vulnerability may lead to bypass authentication.

The identified vulnerability types and potential impacts are shown below:

Item

Vulnerability Type

Impact

Improper Validation of Integrity Check Value (CWE-354)

CVE-2023-48795

An attacker may bypass the authentication mechanism.

Vulnerability Scoring Details

ID	CVSS	Vector	Remote Exploit without Auth?
CVE-2023-48795	5.9	AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N	Yes

SDS-3008 Series Multiple Vulnerabilities

Wed, 19 Jun 2024 20:54:59 GMT

SDS-3008 Series firmware version v2.2 and prior are affected by multiple vulnerabilities in the old version of jQuery. These vulnerabilities could put your security at risk in many ways, such as Cross-site Scripting (XSS) attacks and prototype pollution.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) CVE-2015-9251, CVE-2020-11022, CVE-2020-11023 (jQuery)	An attacker can remotely insert HTML or JavaScript into the system via a web interface, causing text/javascript to be executed.
2	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) CVE-2019-11358 (jQuery)	An attacker can inject attributes that are used in other components to execute cross-site scripting (XSS) attacks.

Vulnerability Scoring Details

ID	CVSS	Vector	Unauthenticated Remote Exploit
CVE-2015-9251	6.1	AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	Yes
CVE-2019-11358	6.1	AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	Yes
CVE-2020-11022	6.9	AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N	Yes
CVE-2020-11023	6.9	AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N	Yes

NPort 5100A Series Store XSS Vulnerability

Tue, 07 May 2024 15:13:06 GMT

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges.

The identified vulnerability type and potential impact are shown below:

Item

Vulnerability Type

Impact

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

(CWE-79)

An attacker can use this vulnerability to get sensitive information and escalate privileges.

Vulnerability Scoring Detail

ID	CVSS	Vector	Remote Exploit without Auth?
CVE-2024-3576	8.3	AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	Yes

Moxa’s Response Regarding XZ Containing Malware/Backdoor (CVE-2024-3094)

Tue, 30 Apr 2024 13:35:39 GMT

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

AIG-301 Series Azure uAMQP Vulnerabilities

Mon, 22 Apr 2024 18:24:06 GMT

The AIG-301 Series prior to version 1.5 is affected by multiple Azure uAMQP vulnerabilities. Successful exploitation of these vulnerabilities could remote code execution.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Double free (CWE-415) CVE-2024-27099	An attacker can process an incorrect `AMQP_VALUE` failed state that may cause a double free problem. This may cause an RCE.
2	Improper Control of Generation of Code ('Code Injection') (CWE-97) CVE-2024-25110	An attacker can trigger a use-after-free issue and may cause a remote code execution.
3	Improper Control of Generation of Code ('Code Injection') (CWE-97) CVE-2024-21646	An attacker may craft binary type data. An integer overflow, or wraparound, or memory safety issue can occur and may cause remote code execution.

Vulnerability Scoring Details

ID	CVSS	Vector	Severity	Remote Exploit without Auth?
CVE-2024-27099	9.8	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Critical	Yes
CVE-2024-25110	9.8	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Critical	Yes
CVE-2024-21646	9.8	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Critical	Yes

NPort W2150A/W2250A Series Web Server Stack-based Buffer Overflow Vulnerability

Thu, 07 Mar 2024 10:29:21 GMT

A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of service.

The identified vulnerability types and potential impacts are shown below:

Item

Vulnerability Type

Impact

Stack-based Buffer Overflow (CWE-121)

CVE-2024-1220

An attacker can cause a Denial-of-service (DoS) attack

Vulnerability Scoring Details

ID	CVSS	Vector	Severity	Remote Exploit without Auth?
CVE-2024-1220	8.2	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H	High	Yes

EDS-4000/G4000 Series IP Forwarding Vulnerability

Mon, 26 Feb 2024 21:00:23 GMT

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target.

The identified vulnerability types and potential impacts are shown below:

Item

Vulnerability Type

Impact

Unintended Proxy or Intermediary ('Confused Deputy') (CWE-441)

CVE-2024-0387

An attacker can bypass access controls or hide the source of malicious requests.

Vulnerability Scoring Details

ID	CVSS	Vector	Severity	Remote Exploit without Auth?
CVE-2024-0387	6.5	AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	Medium	No

PT-G503 Series Multiple Vulnerabilities

Fri, 05 Jan 2024 00:24:49 GMT

PT-G503 Series firmware version v5.2 and prior are affected by multiple vulnerabilities in the old version of jQuery, weak cipher suites, and unsecure web cookies. Using the older jQuery version and weak cipher suites and not setting session cookie attributes properly caused these vulnerabilities. These vulnerabilities could put your security at risk in many ways, such as Cross-site Scripting (XSS) attacks, prototype pollution, data leaks, unauthorized access to user sessions, etc.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) CVE-2015-9251, CVE-2020-11022, CVE-2020-11023 (jQuery)	An attacker located remotely can insert HTML or JavaScript into the system via a web interface.
2	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321) CVE-2019-11358 (jQuery)	An attacker can inject attributes that are used in other components.
3	Inadequate Encryption Strength (CWE-326) CVE-2005-4900 (cipher)	An attacker may be able to decrypt the data using spoofing attacks.
4	Sensitive Cookie Without 'HttpOnly' Flag (CWE-1004) CVE-2023-4217 (Cookie)	This vulnerability could cause security risks and allow unauthorized access to user session data.
5	Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CWE-614) CVE-2023-5035 (Cookie)	This vulnerability could cause the cookie to be transmitted in plaintext over an HTTP session.

Vulnerability Scoring Details

ID	CVSS V3.1	VECTOR	REMOTE EXPLOIT WITHOUT AUTH?
CVE-2005-4900	5.9	AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	Yes
CVE-2015-9251	6.1	AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	Yes
CVE-2019-11358	6.1	AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	Yes
CVE-2020-11022	6.9	AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N	Yes
CVE-2020-11023	6.9	AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N	Yes
CVE-2023-4217	3.1	AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N	Yes
CVE-2023-5035	3.1	AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N	Yes

OnCell G3150A-LTE Series Multiple Web Application Vulnerabilities and Security Enhancement

Fri, 29 Dec 2023 23:50:00 GMT

The OnCell G3150A-LTE Series prior to version 1.3 is affected by multiple web application vulnerabilities: CVE-2004-2761, CVE-2013-2566, CVE-2016-2183, CVE-2023-6093, and CVE-2023-6094. These vulnerabilities are caused by applying weak cryptographic algorithms and cipher suites, and incorrectly restricts frame objects. Successful exploitation of these vulnerabilities could lead to unauthorized access and unexpected user interaction with the web application.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Cryptographic Issues (CWE-310) CVE-2004-2761	This vulnerability may make it easier for context-dependent attackers to conduct spoofing attacks.
2	Inadequate Encryption Strength (CWE-326) CVE-2013-2566	This vulnerability may make it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in numerous sessions that use the same plaintext.
3	Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) CVE-2016-2183	This vulnerability may make it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session.
4	Improper Restriction of Rendered UI Layers or Frames (Clickjacking) (CWE-1021) CVE-2023-6093	This vulnerability may lead the attacker to trick the user into interacting with the application.
5	Cleartext Transmission of Sensitive Information (CWE-319) CVE-2023-6094	This vulnerability may lead the attacker to gain access to user accounts and access sensitive data used by the user accounts.

Vulnerability Scoring Details

ID	CVSS	Vector	Severity	Remote Exploit without Auth?
CVE-2004-2761	5.0	AV:N/AC:L/AU:N/C:N/I:P/A:N	Medium	Yes
CVE-2013-2566	5.9	AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	Medium	Yes
CVE-2016-2183	7.5	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	High	Yes
CVE-2023-6093	5.3	AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N	Medium	Yes
CVE-2023-6094	5.3	AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	Medium	Yes

ioLogik E1200 Series Web Server Vulnerability

Sat, 23 Dec 2023 16:50:23 GMT

The ioLogik E1200 Series prior to version 3.3 is affected by web application vulnerabilities.

CVE-2023-5961

A vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request.

CVE-2023-5962

A vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Cross-Site Request Forgery (CSRF) (CWE-352) CVE-2023-5961	This vulnerability may lead an attacker to perform operations on behalf of the victimized user.
2	Use of a Broken or Risky Cryptographic Algorithm (CWE-327) CVE-2023-5962	This vulnerability may lead an attacker to get unexpected authorization.

Vulnerability Scoring Details

ID	CVSS V3.1	VECTOR	REMOTE EXPLOIT WITHOUT AUTH?
CVE-2023-5961	8.8	AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	Yes
CVE-2023-5962	6.5	AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	No

NPort 6000 Series Incorrect Implementation of Authentication Algorithm Vulnerability

Wed, 01 Nov 2023 22:44:38 GMT

A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Incorrect Implementation of Authentication Algorithm (CWE-303) Storing Passwords in a Recoverable Format (CWE-257) Use of a Broken or Risky Cryptographic Algorithm (CWE-327) CVE-2023-5627	An attacker can get privileged access to the web service.

Vulnerability Scoring Details

ID	CVSS V3.1	VECTOR	REMOTE EXPLOIT WITHOUT AUTH?
CVE-2023-5627	7.5	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	Yes

EDR-810/G902/G903 Series Web Server Buffer Overflow Vulnerability

Wed, 01 Nov 2023 21:20:22 GMT

A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Buffer Copy Without Checking Size of Input (CWE-120) CVE-2023-4452	An attacker can trigger the device reboot.

Vulnerability Scoring Details

ID	CVSS V3.1	VECTOR	REMOTE EXPLOIT WITHOUT AUTH?
CVE-2023-4452	6.5	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	Yes

NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability

Fri, 20 Oct 2023 22:02:27 GMT

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.

The identified vulnerability type and potential impact are shown below:

Item	Vulnerability Type	Impact
1	Improper Validation of Integrity Check Value (CWE-354) CVE-2023-4929	This vulnerability could allow an unauthorized attacker to gain control of a device.

Vulnerability Scoring Details

ID	CVSS V3.1	VECTOR	REMOTE EXPLOIT WITHOUT AUTH?
CVE-2023-4929	6.5	AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H	No

TN-5900 and TN-4900 Series Web Server Multiple Vulnerabilities

Fri, 20 Oct 2023 14:18:59 GMT

TN-5900 Series prior to version 3.3 and the TN-4900 Series prior to version 1.2.4 are affected by multiple web server vulnerabilities. Insufficient input validation causes these vulnerabilities. An attacker could exploit the vulnerabilities by sending crafted input to the web service. If exploited successfully, these vulnerabilities could lead to Denial-of-Service, remote code execution, and privilege escalation.

The identified vulnerability types and potential impacts are shown below:

Item

Vulnerability Type

Impact

Improper Authentication (CWE-287)

CVE-2023-33237

An attacker can use brute force to break the authentication parameters.

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

CVE-2023-33238, CVE-2023-33239, CVE-2023-34213, CVE-2023-34214, CVE-2023-34215

An attacker located remotely can execute arbitrary commands on the device via a web interface.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

CVE-2023-34216, CVE-2023-34217

An attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.

Vulnerability Scoring Details

ID	CVSS v3.1	Vector	Remote Exploit without Auth?
CVE-2023-33237	8.8	AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	No
CVE-2023-33238	7.2	AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	No
CVE-2023-33239	8.8	AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	No
CVE-2023-34213	8.8	AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	No
CVE-2023-34214	7.2	AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	No
CVE-2023-34215	7.2	AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	No
CVE-2023-34216	8.1	AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	No
CVE-2023-34217	8.1	AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	No

NPort 5600 Series Cryptographic Algorithm Security Enhancements

Mon, 04 Sep 2023 18:04:37 GMT

NPort 5600 Series has enhanced its cryptographic algorithms, including cryptographic key and cipher suites.

Security Enhancements

Cryptographic Key
Increases the RSA key length from 1024 to 2048.
Static Key Ciphers
Removes medium strength cipher suites TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_128_GCM_SHA256.
Strong Cipher Algorithms
Uses strong cipher suites ECDHE-RSA-AES128-SHA256 and ECDHE-RSA-AES128-GCM-SHA256.

MXsecurity Series Multiple Vulnerabilities

Fri, 01 Sep 2023 09:49:32 GMT

These vulnerabilities are caused by the improper design or implementation of authentication mechanisms and input validation. Exploiting these vulnerabilities could enable an attacker to bypass authentication, which could lead to the unauthorized disclosure or tampering of authenticated information, unauthorized access to sensitive data, and remote access without proper authorization.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Small Space of Random Values (CWE-334) CVE-2023-39979	An attacker can bypass authentication to gain unauthorized access.
2	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) CVE-2023-39980	An attacker can change the SQL command to gain unauthorized access to disclose information.
3	Improper Authentication (CWE-287) CVE-2023-39981	An attacker can gain unauthorized access to disclose device information.
4	Use of Hard-coded Credentials (CWE-798) CVE-2023-39982	An attacker can facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.
5	Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915) CVE-2023-39983	An attacker can register/add a device via the nsm-web application.

Vulnerability Scoring Details

ID	CVSS V3.1	VECTOR	REMOTE EXPLOIT WITHOUT AUTH?
CVE-2023-39979	9.8	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Yes
CVE-2023-39980	7.1	AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N	No
CVE-2023-39981	7.5	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	Yes
CVE-2023-39982	7.5	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	Yes
CVE-2023-39983	5.3	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	Yes

ioLogik 4000 Series Multiple Web Server Vulnerabilities and Improper Access Control Vulnerability

Thu, 24 Aug 2023 09:37:03 GMT

ioLogik 4000 Series (ioLogik E4200) firmware v1.6 and prior is affected by multiple web server vulnerabilities and an improper access control vulnerability.

Web Server Vulnerabilities

The web server vulnerabilities arise from improper configuration or implementation of HTTP headers. Attackers could exploit the vulnerabilities to compromise the web service.

Improper Access Control Vulnerability

The improper access control vulnerability results from improper control of an existing unauthorized service. Attackers could exploit the vulnerability by connecting to the unauthorized service. Successful exploitation of the vulnerability could lead to unauthorized access.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Existing unauthorized service (CWE-284 Improper Access Control） CVE-2023-4227	Attackers can gain unauthorized access
2	Session cookie attributes not set properly (CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag） CVE-2023-4228	Attackers can compromise the web service
3	Session headers not implemented. (CWE-1021: Improper Restriction of Rendered UI Layers or Frames） CVE-2023-4229	Attackers can compromise the web service
4	Server banner information disclosure (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor） CVE-2023-4230	Attackers can compromise the web service

NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability

Wed, 16 Aug 2023 22:31:38 GMT

CVE-2023-4204

A vulnerability has been identified in NPort IAW5000A-I/O Series firmware versions prior to v2.2, which poses a potential risk to the security and integrity of the affected device.

The identified vulnerability types and potential effects are shown below:

Item	Vulnerability Type	Impact
1	Use of hardcoded credentials (CWE-798)	This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.

Multiple Switch Series Affected by NTP Denial of Service Vulnerability

Wed, 02 Aug 2023 12:28:02 GMT

The following vulnerability affects some of Moxa’s switch series. An attacker may consume the CPU and log excessively.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Uncontrolled Recursion (CWE-674)	A remote, unauthenticated attacker may be able to cause a denial-of-service condition on a vulnerable NTP server.

NPort 5110 Series Vulnerabilities

Mon, 31 Jul 2023 15:01:27 GMT

Multiple vulnerabilities were discovered in the NPort 5110 Series that allow a remote attacker to conduct a denial-of-service attack or overwrite certain values in the memory to cause information to become unavailable.

The identified vulnerability types and potential impacts are shown below:

Item

Vulnerability Type

Impact

Out-of-bounds Write (CWE-787)

CVE-2022-2044

Certain values in the memory may not be available.

Out-of-bounds Write (CWE-787)

CVE-2022-2043

A vulnerability allows a remote attacker to conduct a denial-of-service attack.

Arm-based Computer Improper Privilege Management Vulnerability

Fri, 14 Jul 2023 14:34:07 GMT

Successful exploitation of the improper privilege management vulnerability could allow a local user with normal privileges to change their settings so they have root privileges on affected devices.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Privilege Management (CWE-269)	A local user with low privileges can change their settings so they have root privileges.

Moxa’s Response Regarding the PwnKit Vulnerability

Fri, 14 Jul 2023 13:51:44 GMT

The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows users without the proper access levels to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration.

Moxa has investigated the vulnerability and has determined that it affects some of Moxa's devices. In response to this, Moxa has developed solutions to address this vulnerability. Please refer to the Affected Products and Solutions section below to learn more.

TN-5900 Series User Enumeration Vulnerability

Mon, 03 Jul 2023 14:07:41 GMT

A user enumeration vulnerability exists in the TN-5900 Series. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	CWE-204: Observable Response Discrepancy	An attacker located remotely can obtain sensitive information.

CN2600 Series Multiple Weak Cryptographic Algorithm Vulnerabilities

Mon, 05 Jun 2023 14:00:03 GMT

The following vulnerability affects the CN2600 Series. An attacker may compromise the connections and leak sensitive information.

The identified vulnerability types and potential impacts are shown below:

Item

Vulnerability Type

Impact

Weak cryptographic algorithm

(CWE-327: Use of a Broken or Risky Cryptographic Algorithm)

An attacker may bypass authentication, steal keys, and reduce the integrity capability that provides for remote connections.

MXsecurity Command Injection and Hardcoded Credential Vulnerabilities

Mon, 29 May 2023 12:07:52 GMT

CVE-2023-33235 (ZDI-CAN-19895)
A vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.

CVE-2023-33236 (ZDI-CAN-19896)
A vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Neutralization of Special Elements Used in a Command ('Command Injection') (CWE-77) CVE-2023-33235 (ZDI-CAN-19895)	An attacker located remotely who has gained authorization privileges can execute arbitrary commands on the device.
2	Use of Hard-coded Credentials (CWE-798) CVE-2023-33236 (ZDI-CAN-19896)	An attacker may be able to bypass authentication for web-based APIs.

Moxa’s Response Regarding the TCG TPM2.0 Implementations Vulnerable to Memory Corruption (CVE-2023-1017/CVE-2023-1018)

Fri, 24 Mar 2023 16:51:33 GMT

CVE-2023-1017

An out-of-bounds write vulnerability exists in TPM 2.0's Module Library allowing writing of a 2-byte data past the end of TPM 2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can execute a denial of service (crashing the TPM chip/process or rendering it unusable) and/or perform arbitrary code execution in the TPM context.

CVE-2023-1018

An out-of-bounds read vulnerability exists in TPM 2.0's Module Library allowing a 2-byte read past the end of a TPM 2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa’s products are affected.

Moxa's Product Security Incident Response Team (PSIRT) will keep monitoring the situation and if there are any updates to the status of the vulnerability that affects Moxa's products, we will provide an update immediately.

NPort 6000 Series and Utility Improper Certificate Validation Vulnerabilities

Tue, 14 Mar 2023 15:57:14 GMT

The following two vulnerabilities affect the NPort 6000 Series and Windows driver manager. An attacker may perform a person-in-the-middle attack and eavesdrop on the secure connection between the NPort 6000 Series and the Windows driver manager.

CVE-2022-43993

The Windows driver manager software does not perform any certificate verification.

CVE-2022-43994

There is no client certificate verification/authentication performed on the secure connection.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Certificate Validation (CWE-295) CVE-2022-43993	The Windows driver manager software does not perform any certificate verification. An attacker may execute a person-in-the-middle attack and eavesdrop on the secure connection between the NPort 6000 Series and the Windows driver manager.
2	Improper Certificate Validation (CWE-295) CVE-2022-43994	There is no client certificate verification/authentication performed on the secure connection. An attacker may perform a person-in-the-middle attack and eavesdrop on the secure connection between the NPort 6000 Series and the Windows driver manager.

Moxa’s Response Regarding the networkd-dispatcher (D-bus) Elevation of Privileges Linux Vulnerability, Nimbuspwn (CVE-2022-29799, CVE-2022-29800)

Mon, 06 Mar 2023 21:43:31 GMT

There are two vulnerabilities in networkd-dispatcher. One vulnerability exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory. Another vulnerability known as, time-of-check-time-of-use (TOCTOU) race condition, exists because there is a certain time between the scripts being discovered and them being run. An attacker can take advantage of this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with scripts that are not.

Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa’s products are affected.

Moxa’s Response Regarding the uClibc and uClibc-ng Libraries Have a Monotonically Increasing DNS Transaction ID Vulnerability

Mon, 13 Feb 2023 00:00:00 GMT

The uClibc-ng libraries through to 1.0.40 and uClibc libraries through to 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning.

Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa’s products are affected.

SDS-3008 Series Multiple Web Vulnerabilities

Thu, 02 Feb 2023 00:00:00 GMT

The SDS-3008 Series web server is affected by multiple vulnerabilities.
- A remote attacker may disclose unauthorized information or perform a denial-of-service attack.
- A remote attacker may execute arbitrary script code in the browser of an unsuspecting user.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Cleartext Transmission of Sensitive Information (CWE-319) CVE-2022-40693	A cleartext transmission vulnerability exists in the web application functionality of Moxa’s SDS-3008 Series Industrial Ethernet switch v2.1. A specially crafted network sniffing tool can lead to disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
2	Insufficient Resource Pool (CWE-410) CVE-2022-40224	A denial-of-service vulnerability exists in the web server functionality of Moxa’s SDS-3008 Series Industrial Ethernet switch v2.1. A specially crafted HTTP message header can lead to a denial-of-service attack. An attacker can send an HTTP request to trigger this vulnerability.
3	Improper Neutralization of Input During Web Page Generation (CWE-79) CVE-2022-41311, CVE-2022-41312, CVE-2022-41313	A stored cross-site scripting vulnerability exists in the web application functionality of Moxa’s SDS-3008 Series Industrial Ethernet switch v2.1. A specially crafted HTTP request can lead to arbitrary JavaScript code being executed. An attacker can send an HTTP request to trigger this vulnerability.
4	Information Exposure (CWE-200) CVE-2022-40691	An information disclosure vulnerability exists in the web application functionality of Moxa’s SDS-3008 Series Industrial Ethernet switch v2.1. A specially crafted HTTP request can lead to disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.

TN-4900 Series Use of Hard-coded Credentials Vulnerability

Wed, 11 Jan 2023 15:03:38 GMT

An attacker may be able to gain privileges if an embedded credential is used.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Hard-coded Credentials (CWE-798)	An attacker may be able to gain privileges if an embedded credential is used.

Secure Router EDR and TN Series Improper Input Validation Vulnerabilities

Tue, 29 Nov 2022 00:00:00 GMT

Successful exploitation of the improper input validation vulnerability could allow a remote attacker to cause a buffer overflow that crashes the web service.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Input Validation (CWE-20)	An attacker could craft a HTTP/HTTPS request that is designed to cause the web service to crash.

Moxa UC Series Improper Physical Access Control Vulnerability

Tue, 29 Nov 2022 00:00:00 GMT

Successful exploitation of the improper physical access control vulnerability could allow an attacker who has gained physical access to the device to take full control using the console port.

In order for this vulnerability to be exploited, an attacker has to use a cable to access the device’s bootloader menu. Therefore, the device is vulnerable if it is deployed in an area without proper physical security (e.g., in an open space without access control).

Moxa’s PSIRT would like to remind organizations to perform a proper impact analysis and risk assessment prior to deploying defensive measures, such as the security patch.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Physical Access Control (CVE 2023-1257)	An attacker with physical access to the device can restart the device and gain access to its BIOS. Then, command line options can be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device authentication files to create a new user profile and gain full access to the system.

Secure Router EDR and TN Series Improper Input Validation Vulnerabilities

Mon, 28 Nov 2022 00:00:00 GMT

Successful exploitation of the improper input validation vulnerability could allow a remote attacker to cause a buffer overflow that crashes the web service.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Input Validation (CWE-20)	An attacker could craft a HTTP/HTTPS request that is designed to cause the web service to crash.

TN-5916 Series Privilege Escalation Vulnerability

Fri, 25 Nov 2022 00:00:00 GMT

The TN-5916 Series contains a flaw that may allow a remote attacker to gain administrative privileges. By editing the cookie’s values, an attacker can change their privilege from a regular user to an administrator and submit it back to the site..

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Cookie Modification Privilege Escalation Vulnerability	A remote attacker could gain administrative privileges.

Multiple Routers Improper Input Validation Vulnerabilities

Thu, 24 Nov 2022 00:00:00 GMT

Exploiting improper authentication and/or input validation vulnerabilities could allow a remote attacker to execute arbitrary code via malicious requests.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Authentication (CWE-287) CVE-2022-41758	The web service has a command injection vulnerability that can be exploited without proper authentication.
2	Improper Input Validation (CWE-20) CVE-2022-41759	The web service has a command injection vulnerability.

NE-4100T Series Improper Authentication Vulnerability

Tue, 15 Nov 2022 00:00:00 GMT

An improper authentication vulnerability in the NE-4100T Series allows a remote attacker to access the device.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Authentication Vulnerability (CWE-287)	A remote attacker could access the device without proper authentication.

VPort Series Improper Input Validation Vulnerability

Fri, 11 Nov 2022 00:00:00 GMT

Successful exploitation of the improper input validation control could allow a remote attacker to cause the RTSP service to crash.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Multiple Format String (CVE-2022-38157)	Successful exploitation of the multiple format string vulnerabilities in Moxa’s VPort IP Camera series can crash the RTSP service.
2	Multiple Buffer Overflows (CVE-2022-31858)	Successful exploitation of the multiple buffer overflow vulnerabilities in Moxa’s VPort IP Camera series can crash the RTSP service.
3	NULL Pointer Dereference Vulnerability (CVE-2022-38159)	Successful exploitation of the NULL pointer dereference vulnerability in Moxa’s VPort IP Camera series can crash the RTSP service.

Moxa’s Response Regarding the OpenSSL X.509 Email Address 4-byte Buffer Overflow Vulnerability (CVE-2022-3602)

Fri, 04 Nov 2022 11:08:40 GMT

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. This occurs after the certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failing to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution.

Moxa has completed our review and determined that none of our products are impacted by this vulnerability.

Moxa’s Response Regarding the Apache Struts 2 Double OGNL Evaluation Vulnerability

Tue, 21 Jun 2022 09:00:00 GMT

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.

Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa’s products are affected.

Moxa’s Response Regarding the Dirty Pipe Vulnerability

Fri, 03 Jun 2022 09:00:00 GMT

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa’s products are affected.

Moxa’s Response Regarding the IPsec ESP Vulnerability

Mon, 16 May 2022 10:00:00 GMT

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa’s products are affected. Moxa's Product Security Incident Response Team (PSIRT) will keep monitoring the situation and if there are any updates to the status of the vulnerability that affects Moxa's products, we will provide an update immediately.

MXview Privilege Escalation Vulnerability

Tue, 03 May 2022 10:00:00 GMT

A remote code execution (RCE) vulnerability since MXview v3.0 allows attackers with local privilege to gain system privilege and execute arbitrary code via a crafted module.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Control of Generation of Code (CWE-94)	Attackers with local privilege could gain system privilege to execute arbitrary code via a crafted module.

Moxa’s Response Regarding the Spring Shell Vulnerability (CVE-2022-22965)

Tue, 19 Apr 2022 12:00:00 GMT

The vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa’s products are affected.

Suggestions for Enhancing the Security of Moxa’s Products

Fri, 25 Mar 2022 14:00:00 GMT

Moxa has recently been made aware that unauthorized users have accessed Moxa’s products by using the default password. Moxa would like to remind all users to change the default password to enhance network security.

MXview Series Network Management Software Vulnerabilities

Thu, 17 Mar 2022 12:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s MXview Series Network Management Software. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Use of Hard-coded Credentials (CWE-798) CVE-2021-40390	An attacker can send a specially-crafted HTTP request and gain unauthorized access.
2	Cleartext Transmission of Sensitive Information (CWE-319) CVE-2021-40392	An attacker can sniff network traffic to exploit sensitive information.

MGate MB3170/MB3270/MB3280/MB3480 Series Protocol Gateways Vulnerability

Thu, 17 Feb 2022 10:00:00 GMT

A product vulnerability was identified in Moxa’s MGate MB3170/MB3270/MB3280/MB3480 Series Protocol Gateways. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Channel Accessible by Non-Endpoint (CWE-300)	Allows an attacker to perform a man-in-the-middle (MITM) attack on the device.

EDR-G903, EDR-G902, and EDR-810 Series Secure Routers Vulnerability

Fri, 11 Feb 2022 10:00:00 GMT

A product vulnerability was identified in Moxa’s EDR-G903 Series, EDR-G902 Series, and EDR-G810 Series Secure Routers. In response to this, Moxa has developed related solutions to address this vulnerability.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Hard-coded Credentials (CWE-798)	Use of embedded credential may allow an attacker to access the device by a crafted credential.

Moxa’s Response Regarding the Apache Log4j Vulnerabilities

Thu, 27 Jan 2022 12:00:00 GMT

A logging tool, Log4j is vulnerable to the following issues: CVE-2017-5645, CVE-2020-9488, CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, and CVE-2021-45105. For the detailed information of these vulnerabilities, please refer to the Description section of the Apache Log4j Security Vulnerabilities page.

At the time of publication, none of Moxa’s products are affected by these vulnerabilities.

VPort 06EC-2V Series and VPort 461A Series IP Cameras and Video Servers Vulnerabilities

Thu, 13 Jan 2022 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s VPort 06EC-2V Series IP Cameras and VPort 461A Series Video Servers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	NULL Pointer Dereference	The application allows a cookie parameter to consist of only digits, which makes it easier for an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.
2	Integer Underflow	An attacker may be able to edit the element of an HTTP request causing the device to become unavailable.
3	Out-of-Bounds Read	An attacker may be able to edit the element of an HTTP request to read sensitive information or even cause the device to become unavailable.
4	Memory Leak	Continuously sending crafted packets may cause an affected device to experience a memory leak and consume the remaining memory on the device.

EDR-G903, EDR-G902, and EDR-810 Series Secure Routers Vulnerability

Thu, 06 Jan 2022 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s EDR-G903, EDR-G902, and EDR-810 Series. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Memory Leak	Continuously sending crafted packets may cause an affected device to experience a memory leak and fail to release memory when it is no longer required.

Moxa's Response Regarding the dnsmasq Vulnerability

Thu, 06 Jan 2022 10:00:00 GMT

Moxa has studied a report by JSOF research labs that disclosed a set of vulnerabilities (known as ‘DNSpooq’) in dnsmasq. There are two types of DNSpooq vulnerabilities: buffer overflow and DNS response validation issues. Buffer overflow (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 and CVE-2020-25687) might lead to remote code execution and DoS attacks; and DNS response validation issues (CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686) are vulnerable to DNS cache poisoning.

Moxa has investigated the vulnerabilities and has determined that the vulnerabilities affect AWK-3131A/4131A/1137C/1131A Series. In response to this, Moxa has developed related solutions to address these vulnerabilities.

AWK-3131A/4131A/1131A/1137C Series Wireless AP/Bridge/Client Vulnerabilities

Thu, 30 Dec 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s AWK-3131A/4131A/1131A/1137C Series Wireless AP/Bridge/Client. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Command Injection for Authentication (CWE-77), CVE-2021-37752	An attacker located remotely can execute arbitrary commands on the device via a web interface.
2	Authentication Bypass and Unencrypted Credentials (CWE-303, CWE-256), CVE-2021-37753, CVE-2021-37755	An attacker located remotely can bypass authentication mechanisms.
3	Improper Restriction That Causes Buffer Overflow (CWE-119), CVE-2021-37757	An attacker located remotely can crash the service of the devices.
4	Reveals Sensitive Information to an Unauthorized Actor (CWE-204), CVE-2021-37751	An attacker located remotely can obtain sensitive information.
5	Improper Restriction of Excessive Authentication Attempts (CWE-307), CVE-2021-37754	An attacker located remotely can use brute force to obtain credentials.
6	Cross-site scripting (XSS) (CWE-79), CVE-2021-37756	An attacker located remotely can insert HTML and JavaScript into the system via a web interface.
7	Improper Verification of Firmware (CWE-347), CVE-2021-37758	An attacker can create malicious firmware for the device.

OnCell G3150A/G3470A Series and WDR-3124A Series Cellular Gateways/Router Vulnerabilities

Thu, 30 Dec 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s OnCell G3150A/G3470A Series and WDR-3124A Series Cellular Gateways/Router. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Command Injection for Authentication (CWE-77), CVE-2021-37752	An attacker located remotely can execute arbitrary commands on the device via a web interface.
2	Authentication Bypass and Unencrypted Credentials (CWE-303, CWE-256), CVE-2021-37753, CVE-2021-37755	An attacker located remotely can bypass authentication mechanisms.
3	Improper Restriction That Causes Buffer Overflow (CWE-119), CVE-2021-37757	An attacker located remotely can crash the service of the devices.
4	Reveals Sensitive Information to an Unauthorized Actor (CWE-204), CVE-2021-37751	An attacker located remotely can obtain sensitive information.
5	Improper Restriction of Excessive Authentication Attempts (CWE-307), CVE-2021-37754	An attacker located remotely can use brute force to obtain credentials.
6	Improper Verification of Firmware (CWE-347), CVE-2021-37758	An attacker can create malicious firmware for the device.

TAP-213/TAP-323 Series Wireless AP/Bridge/Client Vulnerabilities

Thu, 30 Dec 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s TAP-213/TAP-323 Series Wireless AP/Bridge/Client. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Command Injection for Authentication (CWE-77), CVE-2021-37752	An attacker located remotely can execute arbitrary commands on the device via a web interface.
2	Authentication Bypass and Unencrypted Credentials (CWE-303, CWE-256), CVE-2021-37753, CVE-2021-37755	An attacker located remotely can bypass authentication mechanisms.
3	Improper Restriction That Causes Buffer Overflow (CWE-119), CVE-2021-37757	An attacker located remotely can crash the service of the devices.
4	Reveals Sensitive Information to an Unauthorized Actor (CWE-204), CVE-2021-37751	An attacker located remotely can obtain sensitive information.
5	Improper Restriction of Excessive Authentication Attempts (CWE-307), CVE-2021-37754	An attacker located remotely can use brute force to obtain credentials.
6	Cross-site scripting (XSS) (CWE-79), CVE-2021-37756	An attacker located remotely can insert HTML and JavaScript into the system via a web interface.
7	Improper Verification of Firmware (CWE-347), CVE-2021-37758	An attacker can create malicious firmware for the device.

MGate 5109 and MGate 5101-PBM-MN Series Protocol Gateways Vulnerability

Tue, 28 Dec 2021 10:00:00 GMT

A product vulnerability was identified in Moxa’s MGate 5109 and MGate 5101-PBM-MN Series Protocol Gateways. In response to this, Moxa has developed related solutions to address this vulnerability.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Memory Leak	Continuously sending crafted packets may cause an affected device to experience a memory leak and fail to release memory when it is no longer required.

TN-5900 Series Secure Routers Vulnerability

Tue, 28 Dec 2021 10:00:00 GMT

A product vulnerability was identified in Moxa’s TN-5900 Series Secure Routers. In response to this, Moxa has developed related solutions to address this vulnerability.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Memory Leak	Continuously sending crafted packets may cause an affected device to experience a memory leak and fail to release memory when it is no longer required.

TN-5900 Series Secure Routers Vulnerabilities

Tue, 28 Dec 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s TN-5900 Series Secure Routers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Firmware has weak algorithm to protect the integrity of the device	An attacker could easily modify the firmware and avoid the inspection mechanism.
2	Command injection	An attacker could inject malicious code to damage the device.

MGate MB3180/MB3280/MB3480 Series Protocol Gateways Vulnerability

Thu, 23 Dec 2021 10:00:00 GMT

A product vulnerability was identified in Moxa’s MGate MB3180/MB3280/MB3480 Series. In response to this, Moxa has developed related solutions to address this vulnerability.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Cleartext Transmission of Sensitive Information (CWE-319), CVE-2021-4161	Remote attackers can obtain sensitive information.

NPort W2150A/W2250A Series Serial Device Servers Vulnerability

Tue, 14 Dec 2021 10:00:00 GMT

A product vulnerability was identified in Moxa’s NPort W2150A/W2250A Series Serial Device Servers. In response to this, Moxa has developed related solutions to address this vulnerability.

The identified vulnerability type and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Command injection	A vulnerability in the web server allows an authorized user with administrator rights to execute code on the root operating system.

Moxa’s Response Regarding the InterNiche Stack (INFRA:HALT) Vulnerabilities

Thu, 02 Dec 2021 09:30:00 GMT

Security researchers discovered 14 vulnerabilities in the HCC Embedded’s InterNiche stack (NicheStack) and NicheLite. As these vulnerabilities involve processing network packets, unauthenticated attackers may use specially crafted network packets to cause a Denial-of-Service (DoS) attack, disclose information, or execute arbitrary code on the target device remotely.

At the time of publication, none of these vulnerabilities affect Moxa products.

Moxa's Cyber Security Response Team (CSRT) will keep monitoring the situation and if there are any updates to the status of the vulnerability that affects Moxa's products, we will provide an update immediately.

Moxa's Response Regarding the Realtek AP-Router SDK Vulnerabilities

Thu, 02 Dec 2021 00:00:00 GMT

Multiple vulnerabilities have been found in Realtek SDK that can allow remote unauthenticated attackers to compromise the target device and execute arbitrary code with the highest level of privilege.

At the time of publication, none of these vulnerabilities affect Moxa products.

Moxa's Cyber Security Response Team (CSRT) will keep monitoring the situation and if there are any updates to the status of the vulnerability that affects Moxa's products, we will provide an update immediately.

ioPAC 8500 and ioPAC 8600 Series (IEC Models) Controllers Vulnerabilities

Wed, 01 Dec 2021 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s ioPAC 8500 Series (IEC models) and ioPAC 8600 Series (IEC models) rugged modular programmable controllers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Relative path traversal (CWE23) CVE-2020-25176	It is possible for an unauthenticated attacker located remotely to traverse an application’s directory, which could lead to remote code execution.
2	Cleartext transmission of sensitive information (CWE-319) CVE-2020-25178	Data is transferred over this protocol unencrypted, which could allow an attacker located remotely to upload, read, and delete files.
3	Use of hard-coded cryptographic key (CWE-321) CVE-2020-25180	An unauthenticated attacker located remotely could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.
4	Unprotected storage of credentials (CWE-256) CVE-2020-25184	An unauthenticated attacker at the site could compromise user’s passwords, resulting in information disclosure.

NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities

Tue, 23 Nov 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s NPort IAW5000A-I/O Series Servers. In response to this, Moxa has developed related solutions to address these vulnerabilities..

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Use of a Hard-coded Cryptographic Key in Firmware (CWE-321), Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) BDU:2021-05559	Malicious users can gain access through a hard-coded password.
2	Use of Hard-coded Cryptographic Key in Program Module (CWE-321) BDU:2021-05560	The possibility of malicious users encrypting sensitive data through a hard-coded cryptographic key is increased.
3	Use of Platform-dependent Third-party Components With vulnerabilities (CWE-1103) BDU:2021-05561	An outdated webserver component may have unfixed vulnerabilities.

ioLogik E2200 Series Controllers and I/Os, and ioAdmin Configuration Utility Vulnerabilities

Tue, 23 Nov 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s ioLogik E2200 Series Controllers and I/Os, and ioAdmin Configuration Utility. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types for the ioLogik E2200 Series and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Authentication (CWE-285) and Use of Client-side Authentication (CWE-603) BDU:2021-05548	An attacker can form a special network package to obtain authorization information or even bypass the authentication check.
2	Use of Hard-coded Password (CWE-259) BDU:2021-05549	Malicious users can gain access through the hard-coded password.
3	Improper Access Control (CWE-284) BDU:2021-05550	Does not restrict or incorrectly restricts unauthorized access.
4	Stack-based Buffer Overflow (CWE-121) BDU:2021-05551	A buffer overflow in the built-in web server allows remote attackers to initiate a DoS attack and execute arbitrary code (RCE).
5	Buffer Copy Without Checking Size of Input (CWE-120) BDU:2021-05552	A buffer overflow in the built-in web server allows remote attackers to initiate a DoS attack.
6	Stack-based Buffer Overflow (CWE-121) and potential Improper Authorization (CWE-285) BDU:2021-05553	A buffer overflow in the built-in web server allows remote attackers to initiate a DoS attack and execute arbitrary code (RCE), or potentially bypass authorization.
7	Stack-based Buffer Overflow (CWE-121) and potential Improper Authorization (CWE-285) BDU:2021-05554	A buffer overflow in the built-in web server allows remote attackers to initiate a DoS attack and execute arbitrary code (RCE), or potentially bypass authorization.
8	Stack-based Buffer Overflow (CWE-121) and potential Improper Authorization (CWE-285) BDU:2021-05555	A buffer overflow in the built-in web server allows remote attackers to initiate a DoS attack and execute arbitrary code (RCE), or potentially bypass authorization.

The identified vulnerability types for ioAdmin Configuration Utility and potential impacts are shown below:

Item	Vulnerability Type	Impact
9	Weak Password Requirements (CWE-521) BDU:2021-05556	Weak password requirements may allow an attacker to use brute force to gain access to the device.
10	Improper Restriction of Excessive Authentication Attempts (CWE-307) BDU:2021-05557	Weak password requirements may allow an attacker to use brute force to gain access to the device.
11	Cleartext Storage of Sensitive Information in Memory (CWE-316) BDU:2021-05558	An attacker can use malware to obtain sensitive data stored in the device’s memory.

MGate MB3180/MB3280/MB3480 Series Protocol Gateways Vulnerabilities

Fri, 17 Sep 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s MGate MB3180/MB3280/MB3480 Series. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Denial-of-service attack CVE-2021-33823	An attacker could perform a denial-of-service attack by flooding the device with packets and exhausting the web servers’ resources.
2	Denial-of-service attack CVE-2021-33824	An attacker could perform a denial-of-service attack by sending incomplete packets to exhaust the web servers’ resources.

MXview Series Network Management Software Vulnerabilities

Fri, 17 Sep 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s MXview Series. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Misconfigured service allows remote connections to internal communication channels.	Allows unwanted users to interact and use MQTT remotely.
2	Use of hard-coded, default passwords (CWE-259).	If hard-coded passwords are used, malicious users can gain access through the account that uses default passwords.
3	Remote code execution through improper neutralization of special elements.	Attackers could execute unauthorized commands, which could then be used to disable the software, or read and modify data for which the attacker should not be able to access directly.
4	RCE through improper limitation of a pathname to a restricted directory ('Path Traversal') (CWE-22).	An attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
5	An unauthenticated user can read files through improper limitation of a pathname to a restricted directory ('Path Traversal') (CWE-22).	An attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
6	An unauthenticated user can read files through improper limitation of a pathname to a restricted directory ('Path Traversal') (CWE-22).	An attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
7	Files can be read through improper limitation of a pathname to a restricted directory ('Path Traversal') (CWE-22).	An attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
8	Files can be edited through improper limitation of a pathname to a restricted directory ('Path Traversal') (CWE-22).	An attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
9	Password leakage through unprotected transport of credentials (CWE-523).	An attacker may be able to gain access to privileges or assume the identity of another user.

OnCell G3470A-LTE and WDR-3124A Series Cellular Gateways/Router Vulnerabilities

Wed, 01 Sep 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s OnCell G3470A-LTE and WDR-3124A Series Cellular/Router. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Restriction of Operations Within the Bounds of a Memory Buffer CVE-2016-2148	Heap-based buffer overflow may allow a remote attack in the DHCP client.
2	Improper Input Validation CVE-2016-7406	Allows remote attackers to execute arbitrary code in the dropbear SSH function.
3	Multiple vulnerabilities including buffer overflow, integer overflow etc. CVE-2012-4412, CVE-2014-5119, CVE-2014-9402, CVE-2014-9984, CVE-2018-6485, CVE-2015-7547 CVE-2015-0235	Vulnerabilities on outdated GNU C Library (glibc) may allow an attacker to cause different impacts remotely including denial of service and arbitrary code execution.
4	Multiple vulnerabilities including improper restriction of operations, uncontrolled resource consumption, null pointer dereference, buffer overflow, out-of-bounds write, privilege controls, cross-site-scripting etc. CVE-2008-4609, CVE-2009-1298, CVE-2010-1162, CVE-2010-4251, CVE-2010-4805, CVE-2011-0709, CVE-2011-2525, CVE-2012-0207, CVE-2012-2136, CVE-2012-3552, CVE-2012-6638, CVE-2012-6701, CVE-2012-6704, CVE-2013-7470, CVE-2014-2523, CVE-2015-1465, CVE-2015-5364, CVE-2016-10229, CVE-2016-3134, CVE-2016-4997, CVE-2016-7039, CVE-2016-7117, CVE-2016-8666, CVE-2017-1000111 CVE-2017-11176, CVE-2017-7618, CVE-2017-8890, CVE-2019-16746, CVE-2019-3896, CVE-2010-3848, CVE-2012-0056, CVE-2010-2692	Vulnerabilities on outdated Linux kernel that may allow an attacker to cause different impacts remotely including denial of service, memory consumption by sending large amounts of traffic, privilege escalation, inject arbitrary commands etc.
5	Use of Hard-coded Cryptographic Key ("House of Keys" vulnerability)	Embedded devices using non-unique X.509 certificates and SSH host keys can be leveraged in impersonation, man-in-the-middle, or passive decryption attacks.
6	Multiple vulnerabilities including resource management error, buffer overflow, improper authentication, improper input validation etc. CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2009-3245, CVE-2010-0742, CVE-2010-3864, CVE-2010-4252, CVE-2012-2110, CVE-2014-3512, CVE-2014-3567, CVE-2014-8176, CVE-2015-0292, CVE-2016-2108, CVE-2016-2109	Vulnerabilities on an outdated OpenSSL module that may allow an attacker to remotely perform a denial-of-service attack or execute arbitrary code etc.
7	Hardcoded password hashes CVE-2016-8717	Use of a hard-coded cryptographic key may increase the possibility of unauthorized access.
8	Authenticated Command Injection CVE-2021-39279	A specially crafted command can cause privilege escalation and circumvent the operating system's user access controls.
9	Reflected Cross-site scripting via manipulated config-file CVE-2021-39278	Allows an attacker to import a malicious config file to the device through the web interface.

TAP-323, WAC-1001, and WAC-2004 Series Wireless AP/Bridge/Client Vulnerabilities

Wed, 01 Sep 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s TAP-323 Series and WAC-1001/2004 Series Railway Wireless Controllers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Restriction of Operations Within the Bounds of a Memory Buffer CVE-2016-2148	Heap-based buffer overflow may allow a remote attack in the DHCP client.
2	Improper Input Validation CVE-2016-7406	Allows remote attackers to execute arbitrary code in the dropbear SSH function.
3	Multiple vulnerabilities including buffer overflow, integer overflow etc. CVE-2012-4412, CVE-2014-5119, CVE-2014-9402, CVE-2014-9984, CVE-2018-6485, CVE-2015-7547 CVE-2015-0235	Vulnerabilities on outdated GNU C Library (glibc) may allow an attacker to cause different impacts remotely including denial of service and arbitrary code execution.
4	Multiple vulnerabilities including improper restriction of operations, uncontrolled resource consumption, null pointer dereference, buffer overflow, out-of-bounds write, privilege controls, cross-site-scripting etc. CVE-2008-4609, CVE-2009-1298, CVE-2010-1162, CVE-2010-4251, CVE-2010-4805, CVE-2011-0709, CVE-2011-2525, CVE-2012-0207, CVE-2012-2136, CVE-2012-3552, CVE-2012-6638, CVE-2012-6701, CVE-2012-6704, CVE-2013-7470, CVE-2014-2523, CVE-2015-1465, CVE-2015-5364, CVE-2016-10229, CVE-2016-3134, CVE-2016-4997, CVE-2016-7039, CVE-2016-7117, CVE-2016-8666, CVE-2017-1000111 CVE-2017-11176, CVE-2017-7618, CVE-2017-8890, CVE-2019-16746, CVE-2019-3896, CVE-2010-3848, CVE-2012-0056, CVE-2010-2692	Vulnerabilities on outdated Linux kernel that may allow an attacker to cause different impacts remotely including denial of service, memory consumption by sending large amounts of traffic, privilege escalation, inject arbitrary commands etc.
5	Use of Hard-coded Cryptographic Key ("House of Keys" vulnerability)	Embedded devices using non-unique X.509 certificates and SSH host keys can be leveraged in impersonation, man-in-the-middle, or passive decryption attacks.
6	Multiple vulnerabilities including resource management error, buffer overflow, improper authentication, improper input validation etc. CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2009-3245, CVE-2010-0742, CVE-2010-3864, CVE-2010-4252, CVE-2012-2110, CVE-2014-3512, CVE-2014-3567, CVE-2014-8176, CVE-2015-0292, CVE-2016-2108, CVE-2016-2109	Vulnerabilities on an outdated OpenSSL module that may allow an attacker to remotely perform a denial-of-service attack or execute arbitrary code etc.
7	Hardcoded password hashes CVE-2016-8717	Use of a hard-coded cryptographic key may increase the possibility of unauthorized access.
8	Authenticated Command Injection CVE-2021-39279	A specially crafted command can cause privilege escalation and circumvent the operating system's user access controls.
9	Reflected Cross-site scripting via manipulated config-file CVE-2021-39278	Allows an attacker to import a malicious config file to the device through the web interface.

EDR-810 Series Secure Router Vulnerabilities

Tue, 17 Aug 2021 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s EDR-810 Series secure router. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Use of a broken or risky cryptographic algorithm	Using a weak cryptographic algorithm may allow confidential information to be disclosed.
2	Stack-based Buffer Overflow	An attacker can exploit this vulnerability to perform remote code execution without being verified.
3	Improper neutralization of special elements used in an OS Command	An attacker who is authenticated as a user with low privileges can exploit a vulnerability and send multiple remote command injections.
4	Use of a hard-coded cryptographic key	Using a hard-coded cryptographic key may increase the possibility that confidential data can be recovered.

EDS-405A Series Ethernet Switches Vulnerability

Mon, 09 Aug 2021 10:00:00 GMT

A product vulnerability was identified in Moxa’s EDS-405A Series. In response to this, Moxa has developed a related solution to address the vulnerability.

The identified vulnerability type and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Stack-based buffer overflow	The attacker may execute arbitrary codes or target the device to cause it to go out of service. The password verification mechanism is vulnerable to buffer overflows and the attacker may use this vulnerability to cause denial-of-service.

NPort IAW5000A-I/O Series Serial Device Server Vulnerabilities

Thu, 27 May 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s NPort IAW5000A-I/O Series Wireless Device Server. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Buffer Overflow (CWE-120) BDU:2021-02699, BDU:2021-02702	A buffer overflow in the built-in web server allows remote attackers to initiate a DoS attack.
2	Stack-Based Buffer Overflow (CWE-121) BDU:2021-02700, BDU:2021-02701, BDU:2021-02703, BDU:2021-02704, BDU:2021-02708	A buffer overflow in the built-in web server allows remote attackers to initiate a DoS attack and execute arbitrary code (RCE).
3	Improper Input Validation (CWE-20) BDU:2021-02705, BDU:2021-02706	Data can be copied without validation in the built-in web server, which allows remote attackers to initiate a DoS attack.
4	OS Command Injection (CWE-78) BDU:2021-02707	Improper input validation in the built-in web server allows remote attackers to execute the OS command.

NPort IA5000A Series Serial Device Servers Vulnerabilities

Wed, 28 Apr 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s NPort IA5000A Series Serial Device Servers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Access Control (CWE-284) CVE-2020-27149, KLCERT-20-018	Attackers can exploit this vulnerability to elevate the privilege level of the user controlled by them or to receive requests that require a higher privilege level.
2	Unprotected Storage of Credentials (CWE-256) CVE-2020-27150, KLCERT-20-019	An attacker can extract authentication credentials from a configuration file sent over an insecure communication channel. The data extracted can subsequently be used to authenticate via Moxa Service and change the device’s configurations.
3	Cleartext Transmission of Sensitive Information (CWE-319) CVE-2020-27184, KLCERT-20-020	An attacker could read all data transferred between the client and the device if the communication is carried out over Telnet, including authentication credentials, device configuration data, the device version, and other sensitive data.
4	Cleartext Transmission of Sensitive Information (CWE-319) CVE-2020-27185, KLCERT-20-021	Successfully exploiting this vulnerability could enable attackers to read all traffic sent when Moxa Service is enabled. This includes authentication data, device configurations, the device version, and other sensitive data.

EDR-810 Series Secure Router Vulnerabilities

Tue, 23 Mar 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s EDR-810 industrial secure router. In response to this, Moxa has developed related solutions to address the vulnerability.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Input Validation CVE-2014-2284, BDU:2015-07052	Crafted packets could potentially stop the SNMP operation of the EDR-810 series.
2	Resource Management Errors CVE-2015-1788, BDU:2015-11035	Malformed binary polynomial field allows remote attackers to cause a denial of service.
3	Improper Restriction of Operations within the Bounds of a Memory Buffer CVE-2016-10012, BDU:2017-00350	SSH connection might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process.
4	Exposure of Sensitive Information to an Unauthorized Actor CVE-2015-3195, BDU:2016-01654	Malformed data might allow remote attackers to obtain sensitive information from process memory by triggering a decoding failure.
5	Improper Input Validation CVE-2016-6515, BDU:2018-00117	Crafted string for password authentication might allow remote attackers to cause a denial of service.
6	Improper Input Validation CVE-2017-17562, BDU:2018-00118	Crafted HTTP request might allow remote code execution.
7	Cryptographic Issues CVE-2013-0169, BDU:2015-09702	Out-of-date TLS protocol might allow remote attackers to conduct distinguishing attacks and plaintext-recovery attacks.
8	Exposure of Sensitive Information to an Unauthorized Actor CVE-2016-0703, BDU:2016-00629	Out-of-date SSL protocol might allow man-in-the-middle attackers to decrypt TLS ciphertext data.
9	Permissions, Privileges, and Access Controls CVE-2013-1813, BDU:2015-09676	Improper operation of authorized users may cause local users to have unknown impact and attack vectors via console.
10	Numeric Errors CVE-2010-2156, BDU:2018-00784	Crafted DHCP packets might allow remote attackers to cause a denial of service.

VPort 06EC-2V Series IP Cameras Vulnerabilities

Tue, 16 Mar 2021 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s VPort 06EC-2V Series IP Cameras. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item

Vulnerability Type

Impact

NULL Pointer Dereference

CVE-2021-25845

The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.

Integer Underflow

CVE-2021-25846, CVE-2021-25849,

An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.

Out-of-Bounds Read

CVE-2021-25847, CVE-2021-25848

An attacker may be able to edit the element of an HTTP request to read sensitive information or even cause the device to become unavailable.

Moxa's Response Regarding Sudo Heap-based Buffer Overflow Vulnerability (CVE-2021-3156)

Wed, 17 Feb 2021 10:00:00 GMT

Sudo is a utility included in many Linux-based operating systems that allows a user to run programs with the security privileges of another user. A Heap-based buffer overflow vulnerability has been found on Sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1. An attacker could exploit this vulnerability to take control of an affected system.

Moxa's Cyber Security Response Team (CSRT) is fully engaged in this matter and we are taking appropriate action. If there are any updates to the status of the vulnerabilities or how these affect Moxa's products, we will provide an update immediately.

Moxa’s Response Regarding the Real Time Automation EtherNet/IP Stack Vulnerability

Thu, 31 Dec 2020 10:00:00 GMT

A vulnerability has been found in the Real Time Automation (RTA) proprietary 449ES EtherNet/IP (ENIP) stacks that could result in a denial-of-service attack or remote code execution. The detailed information can be found here.

Moxa has investigated this vulnerability and has determined that none of our products are affected.

Moxa's Cyber Security Response Team (CSRT) will keep monitoring the situation and if there is any change, an update will be provided immediately.

Moxa’s Response Regarding the AMNESIA:33 Vulnerability

Mon, 21 Dec 2020 10:00:00 GMT

A set of vulnerabilities has been found in multiple open source TCP/IP stacks (uIP, FNET, picoTCP, and Nut/Net) that can allow an attacker to corrupt memory, perform remote code execution, leak information, and poison DNS cache. The detailed information can be found here.

Moxa has investigated this vulnerability and has determined that none of our products are currently affected.

Moxa's Cyber Security Response Team (CSRT) will keep monitoring the situation and if there are any updates to the status of the vulnerability that affects Moxa's products, an update will be provided immediately.

MXview Series Network Management Software Vulnerabilities

Tue, 03 Nov 2020 10:00:00 GMT

Item	Vulnerability Type	Impact
1	Incorrect Default Permissions (CWE-276), CVE-2020-13536, CVE-2020-13537	An attacker may be able to edit a source file to insert a malicious code to elevate their permissions.

EDR-810 Series Secure Router Vulnerabilities

Tue, 03 Nov 2020 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s EDR-810 Series Secure Router. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Execute arbitrary command. BDU:2020-01269	A crafted request to the web server caused potential risk of executing arbitrary command.
2	Denial of service. BDU:2020-04912	A crafted request to the web server caused potential risk of denial-of-service.
3	No response from system. BDU:2020-04914	A crafted request to the device may cause specific parts of the user interface to become unresponsive.
4	No response from system. BDU:2020-04915	A crafted request to the device may cause specific parts of the user interface to become unresponsive.
5	No response from system. BDU:2020-04916	A crafted request to the device may cause specific parts of the user interface to become unresponsive.
6	No response from system. BDU:2020-04913	A crafted request to the device may cause specific parts of the user interface to become unresponsive.

EDR-G903, EDR-G902, and EDR-810 Secure Router Vulnerability

Thu, 29 Oct 2020 10:00:00 GMT

A product vulnerability was identified in Moxa’s EDR-G903, EDR-G902, and EDR-810 Series Secure Router. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Restriction of Operations (CWE-119)，CVE-2020-28144	Crafted requests sent to the device may cause improper restriction of operations.

NPort 5100A Series Serial Device Servers Vulnerability

Tue, 27 Oct 2020 10:00:00 GMT

A product vulnerability was identified in Moxa’s NPort 5100A Series Serial Device Server. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Privilege escalation via Web console	A user with read-only access may get write permissions via editing a JavaScript that will allow them to edit the device settin

NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities

Thu, 08 Oct 2020 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s NPort IAW5000A-I/O Series Serial Device Servers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Session Fixation (CWE-384), BDU-2020-04049, CVE-2020-25198	This vulnerability allows an attacker to gain access to a session, and hijack the session by stealing the user’s cookies.
2	Improper Privilege Management (CWE-269, CWE-266), BDU-2020-04050, CVE-2020-25194	This vulnerability allows a person with user privileges to perform requests with administrative privileges.
3	Weak Password Requirements (CWE-521), BDU-2020-04051, CVE-2020-25153	This vulnerability allows users to use weak passwords.
4	Cleartext Transmission of Sensitive Information (CWE-319), BDU-2020-04052, CVE-2020-25190	This vulnerability allows the web server to store and transmit the credentials of third-party services in cleartext.
5	Improper Restriction Of Excessive Authentication Attempts (CWE-307), BDU-2020-04053, CVE-2020-25196	This vulnerability allows a person to use brute force to bypass authentication on a SSH/Telnet session.
6	Information Exposure (CWE-200), BDU-2020-04054, CVE-2020-25192	This vulnerability allows an attacker to access sensitive information in the built-in web service without proper authorization.

EDR-810 Series Secure Routers Vulnerability

Tue, 29 Sep 2020 10:00:00 GMT

A vulnerability was identified in Moxa’s EDR-810 Series Secure Routers. In response to this, Moxa has developed a solution to address this vulnerability.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Device information leak	Unauthorized users may retrieve the device’s basic information such as LAN IP address, Model Name, MAC address, Subnet Mask, and gateway settings. Note, any sensitive information such as Event logs and Account Settings require authentication and are not affected by this vulnerability.

Moxa’s Response Regarding the GRUB2 (BootHole) Vulnerability

Tue, 08 Sep 2020 10:00:00 GMT

A vulnerability has been found in Grand Unified Bootloader version 2 (GRUB2) bootloader that can allow an attacker to execute arbitrary code when the system boots up. This vulnerability is sometimes referred to as BootHole and it can affects the GRUB2 bootloader in Windows and Linuxwhen secure boot is being used. This vulnerability has been assigned a CVE ID CVE-2020-10713 and the detailed information can be found here.

Moxa has investigated this vulnerability and has determined that none of our products are currently affected.

Moxa's Cyber Security Response Team (CSRT) will keep monitoring the situation and if there are any updates to the status of the vulnerability that affects Moxa's products, an update will be provided immediately.

EDR-G902 Series and EDR-G903 Series Secure Routers Vulnerabilities

Thu, 16 Jul 2020 15:45:00 GMT

A product vulnerability was identified in Moxa’s EDR-G902 Series and EDR-G903 Series Secure Routers. In response to this, Moxa has developed related solutions to address this vulnerability.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Stack buffer overflow (CWE-121) CVE-2020-14511	Malicious operation of the crafted web browser cookie may cause stack buffer overflow in the system web server of the EDR-G902 Series and EDR-G903 Series.

MGate 5105-MB-EIP Series Protocol Gateways Vulnerabilities

Fri, 10 Jul 2020 15:00:00 GMT

Multiple vulnerabilities were identified in Moxa’s MGate 5105-MB-EIP Series Protocol Gateways. In response to this, Moxa has developed a solution to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Authentication Bypass by Capture-replay (CWE-294) CVE-2020-15494, ZDI-CAN-10791	This vulnerability allows an attacker to obtain the session ID of the connection between the host and the device.
2	Exposure of Sensitive Information to an Unauthorized Actor (CEW-200) CVE-2020-15493, ZDI-CAN-10792	This vulnerability allows an attacker to decrypt the encrypted configuration file of the device.

Moxa’s Response Regarding the Ripple20 Vulnerabilities

Tue, 30 Jun 2020 10:00:00 GMT

A series of high-risk vulnerabilities has been found in the TCP/IP software library developed by Treck, Inc. These 19 vulnerabilities, labeled Ripple20, can be exploited to perform remote code execution, out-of-bounds read/write, denial-of-service (DoS) attacks, and potentially expose sensitive information. The detailed information can be found on this website: https://www.jsof-tech.com/ripple20/ and CISA’s ICS Advisory: ICSA-20-168-01.

Moxa has investigated this vulnerability and has determined that none of our products are affected.

Moxa's Cyber Security Response Team (CSRT) will keep monitoring the situation and if there are any updates to the status of the vulnerability that affects Moxa's products, an update will be provided immediately.

VPort 461 Series Industrial Video Servers Vulnerabilities

Mon, 08 Jun 2020 10:00:00 GMT

A product vulnerability was identified in Moxa’s VPort 461 Series Industrial Video Servers. In response to this, Moxa has developed a related solution to address the vulnerability.

The identified vulnerability types and potential impact is shown below:

Item	Vulnerability Type	Impact
1	Command Injection. CVE-2020-23639	A command injection vulnerability exists in the device that could allow a remote attacker to execute arbitrary commands.

NPort 5100A Series Serial Device Servers Vulnerability

Wed, 29 Apr 2020 10:00:00 GMT

A vulnerability was identified in Moxa’s NPort 5100A Series Serial Device Server. In response to this, Moxa has developed related solutions to address this vulnerability.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Unauthenticated Information Disclosure	The vulnerability allows an attacker to obtain the serial port configurations of the device without proper authentication.

Moxa’s Response Regarding the Kr00k Vulnerability

Mon, 06 Apr 2020 10:00:00 GMT

A vulnerability has been found in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic. The detailed information can be found on this website: https://www.eset.com/int/Kr00k/

Moxa has investigated this vulnerability and has determined that none of our products are affected.

Moxa's Cyber Security Response Team (CSRT) will keep monitoring the situation and if there are any updates to the status of the vulnerability that affects Moxa's products, an update will be provided immediately.

OnCell Central Manager Cellular Management Software Vulnerabilities

Mon, 16 Mar 2020 09:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s cellular management software OnCell Central Manager. The vulnerabilities are based on Apache Flex BlazeDS’s, a third-party component, that is embedded on the OnCell central manager. In response to this, Moxa has developed related solutions to address the vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Deserialization of Untrusted Data (CWE-502), CVE-2017-5641	Remote code execution on third-party component: Apache Flex BlazeDS
2	Information Exposure (CWE-200), CVE-2015-3269	XML External Entity (XXE) processing on third-party component: Apache Flex BlazeDS

MGate MB3180/MB3280/MB3480/MB3170/MB3270 Series Protocol Gateways Vulnerability

Tue, 03 Mar 2020 09:00:00 GMT

A product vulnerability was identified in Moxa’s MGate MB3180/MB3280/MB3480/MB3170/MB3270 Series Protocol Gateways. In response to this, Moxa has developed a related solutions to address this vulnerability..

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Authentication (CWE-287)	Allow an unauthenticated, remote attacker to bypass authentication by logging in with empty username/password and execute arbitrary actions with administrator privileges on an affected system.

OnCell G3100-HSPA Series and OnCell G3470A-LTE Series Cellular Gateway Vulnerabilities

Thu, 13 Feb 2020 09:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s OnCell G3100-HSPA Series and OnCell G3470A-LTE Series Cellular Gateway. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:
OnCell G3470A-LTE Series:

Item	Vulnerability Type	Impact
1	Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) CVE-2018-11425	Denial of service and remote code execution

OnCell G3100-HSPA Series:

Item	Vulnerability Type	Impact
1	Uncontrolled Resource Consumption (CWE-400) CVE-2018-11420	Remote code execution
2	Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) CVE-2018-11423	Denial of service and remote code execution
3	Null Pointer Dereference (CWE-476) CVE-2018-11424	Denial of service
4	Improper Authentication (CWE-287) CVE-2018-11426	Attacker can brute force authentication parameters
5	Cross-Site Request Forgery (CSRF) (CWE-352) CVE-2018-11427	Attacker can impersonate administrative actions via web interface
6	Information Exposure (CWE-200) CVE-2018-11421	Attacker can obtain sensitive information such as administrative credentials
7	Improper Access Control (CWE-284) CVE-2018-11422	Attacker can modify configuration and upload firmware

MGate 5105-MB-EIP Series Protocol Gateways Vulnerability

Mon, 06 Jan 2020 09:00:00 GMT

A product vulnerability was identified in Moxa’s MGate 5105-MB-EIP Series Protocol Gateways. In response to this, Moxa has developed related solutions to address this vulnerability..

The identified vulnerability type and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Command Injection (CWE-78), CVE-2020-8858, ZDI-CAN-9552	A Command Injection vulnerability exists in the web server of the MGate 5105-MB-EIP Series that could allow a remote attacker to execute arbitrary commands.

AWK-3121 Series Industrial AP/Bridge/Client Vulnerabilities

Mon, 02 Dec 2019 09:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s AWK-3121 Series. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77) CVE-2018-10697, CVE-2018-10699	Multiple parameters are susceptible to command injection
2	Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77) CVE-2018-10702	Specified parameter is susceptible to command injection via shell metacharacters
3	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) CVE-2018-10692	Vulnerable to cross-site scripting attack to steal the cookie
4	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) CVE-2018-10700	Specified parameter is susceptible to XSS payload injection
5	Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) CVE-2018-10693, CVE-2018-10695, CVE-2018-10701, and CVE-2018-10703	Multiple parameters are susceptible to buffer overflow
6	Credentials Management (CWE-255) CVE-2018-10690	The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server
7	Credentials Management (CWE-255) CVE-2018-10694	The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default
8	Credentials Management (CWE-255) CVE-2018-10698	The device enables an unencrypted TELNET service by default
9	Improper Access Control (CWE-284) CVE-2018-10691	Vulnerable to unauthorized systemlog.log download
10	Cross-Site Request Forgery (CSRF) (CWE-352) CVE-2018-10696	Web interface is not protected against CSRF attacks

Moxa’s Response Regarding URGENT/11 Vulnerability

Tue, 26 Nov 2019 09:00:00 GMT

Multiple vulnerabilities have been found in VxWorks Real Time Operation System (RTOS) TCP/IP stack (IPnet) since version 6.5. These vulnerabilities are classified as remote code execution, denial of service, information leaks, or logical flaws. The detailed information can be found on this website: https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

Moxa has investigated and has not found any products that are affected by these vulnerabilities.

Moxa's Cyber Security Response Team (CSRT) will keep monitoring the situation and if there are any updates to the status of the vulnerabilities and it would affect Moxa's products, an update will be provided immediately.

EDS-G508E, EDS-G512E, and EDS-G516E Series Ethernet Switches Vulnerabilities

Wed, 20 Nov 2019 09:00:00 GMT

One product vulnerability was identified in Moxa’s EDS-G508E, EDS-512E, and EDS-516E Series Ethernet Switches. In response to this, Moxa has developed a related solution to address the vulnerability.

The identified vulnerability type and potential impact is shown below:

Item	Vulnerability Type	Impact
1	Denial of service by PROFINET DCE-RPC endpoint discovery packets (CWE-400), CVE-2019-19707	To exploit this vulnerability, the attacker may cause the target device to go out of service.

EDR-810 Series Secure Routers Vulnerability

Wed, 20 Nov 2019 09:00:00 GMT

One product vulnerability was identified in Moxa’s EDR-810 Series Secure Routers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability type and potential impacts is shown below:

Item	Vulnerability Type	Impact
1	Improper sanitization of special elements used in Web GUI	A specially crafted HTTP POST could possibly trigger arbitrary command injection.

EDS-405A Series Ethernet Switches Vulnerabilities

Thu, 07 Nov 2019 09:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s EDS-405A Series Ethernet Switches. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Denial of Service (web service) by improper HTTP GET command	To exploit this vulnerability, the attacker may cause the targeted device to go out of service. This can cause authorized users to be unable to access the device. The vulnerability occurs because the packet payload size was not checked.
2	Denial of Service (web service) by excessive length of HTTP GET command	To exploit this vulnerability, the attacker may cause the targeted device to go out of service. This can cause authorized users to be unable to access the device. The vulnerability occurs because the packet payload size was not checked.

EDR-810 Series Secure Routers Vulnerability

Wed, 02 Oct 2019 00:00:00 GMT

One product vulnerability was identified in Moxa’s EDR-810 Series Secure Routers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Stack-based buffer overflow (CWE-121)	Multiple functions in the web server allow users to execute arbitrary codes.

EDR-810 Series Secure Routers Vulnerabilities

Mon, 30 Sep 2019 00:00:00 GMT

Two product vulnerabilities were identified in Moxa’s EDR-810 Series secure routers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shownbelow:

Item	Vulnerability Type	Impact
1	Improper Input Validation (CWE-20, CVE-2019-10969)	Improper input on the web console via the Admin or ConfigAdmin account allows unauthorized commands to be performed on the router.
2	Improper Access Control (CWE-284, CVE-2019-10963)	The log information may be retrieved by an unauthenticated attacker, which may allow sensitive information to be disclosed.

EDS-G516E and EDS-510E Series Ethernet Switches Vulnerabilities

Wed, 25 Sep 2019 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s EDS-G516E and EDS-510E Series Ethernet Switches. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Stack-based buffer overflow (CWE-121), CVE-2020-7007	The attacker may execute arbitrary codes or target the device to cause it to go out of service. The attacker may cause the target device to go out of service, or to execute arbitrary codes. The web setting page IEEE802.1x setting page is where the vulnerabilities found.
2	Use of a broken or risky cryptographic algorithm (CWE-327), CVE-2020-7001	Using a weak cryptographic algorithm may allow confidential information to be disclosed. Improper implementation of the cryptographic function may allow confidential information to be disclosed.
3	Use of a hard-coded cryptographic key (CWE-321), CVE-2020-6979	Using a hard-coded cryptographic key may increase the possibility that confidential data can be recovered.
4	Use of a hard-coded password (CWE-798), CVE-2020-6981	A user with malicious intent may gain access to the system without proper authentication.
5	Buffer Copy without Checking Size of Input (CWE-120), CVE-2020-6999	To exploit this vulnerability, the attacker may cause the target device to go out of service. Some of the parameters in the syslog setting page do not ensure that the length of the text is not too long. To exploit this vulnerability, the attacker may cause the target device to go out of service. Some of the parameters in the DHCP setting page do not ensure that the length of the text is not too long. To exploit this vulnerability, the attacker may cause the target device to go out of service. Some of the parameters in the PTP setting page do not ensure that the length of the text is not too long.
6	User credentials are sent in clear text (CWE-319), CVE-2020-6997	To exploit this vulnerability, the attacker may intercept the information from the clear text communication.
7	Weak password requirements (CWE-521), CVE-2020-6991	A user with malicious intent may try to retrieve credentials by using brute force.

MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities

Wed, 25 Sep 2019 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Stack-based buffer overflow (CWE-121), CVE-2019-9099	There were two separate issues that affected the buffer overflow in the built-in web server that allowed remote attackers to initiate a DoS attack and execute arbitrary code.
2	Integer overflow leads to a buffer overflow (CWE-680), CVE-2019-9098	Integer overflow causes unexpected memory allocation that can lead to a buffer overflow.
3	Bypass the CSRF protection mechanism by using a token (CWE-352), CVE-2019-9102	A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.
4	Use of a broken or risky cryptographic algorithm (CWE-327), CVE-2019-9095	Sensitive information may be revealed by using a weak cryptographic algorithm with predictable variables.
5	Information exposure (CWE-200), CVE-2019-9103	An attacker can access sensitive information and usernames via the built-in web-service without proper authorization.
6	User credentials are sent in cleartext (CWE-310), CVE-2019-9101	Sensitive information is transmitted over some web applications in clear text.
7	Weak password requirements (CWE-521), CVE-2019-9096	Weak password requirements may allow an attacker to gain access by using brute force.
8	Cleartext storage of sensitive information (CWE-312), CVE-2019-9104	Sensitive information is stored in configuration files using clear text, which allows attackers to use an administrative account.
9	Denial-of-service attack (CWE-400, CWE-941), CVE-2019-9097	The web service will become temporarily unavailable due to the fact that the attacker overloads the system and causes the service to crash.

ioLogik 2542-HSPA Series Controllers and I/Os, and IOxpress Configuration Utility Vulnerabilities

Wed, 25 Sep 2019 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s ioLogik 2542-HSPA Series Controllers and I/Os, and IOxpress Configuration Utility. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Use Weak Cryptographic Algorithms (CWE-310), CVE-2018-18238	The configuration file was not encrypted. If an attacker got hold of the file, sensitive information in the device could be disclosed.
2	Cleartext Storage and Transmission of Sensitive Information (CWE-312 and CWE-319), CVE-2020-7003	The configuration file was not encrypted. If an attacker got hold of the file, sensitive information in the device could be disclosed.
3	Denial-of-service attack (CWE-400, CWE-941), CVE-2019-18242	Frequent and multiple requests for short-term use may cause the web server to fail.

PT-7528 and PT-7828 Series Ethernet Switches Vulnerabilities

Wed, 25 Sep 2019 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s PT-7528 and PT-7828 Series Ethernet Switches. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Stack-based buffer overflow (CWE-121), CVE-2020-6989	The attacker may execute arbitrary codes or target the device to cause it to go out of service.
2	Use of a broken or risky cryptographic algorithm (CWE-327), CVE-2020-6987 / CNVD-2020-13511	Using a weak cryptographic algorithm may allow confidential information to be disclosed.
3	Use of a broken or risky cryptographic algorithm (CWE-327), CVE-2020-6987 / CNVD-2020-13511	Improper implementation of the cryptographic function may allow confidential information to be disclosed.
4	Use of a hard-coded cryptographic key (CWE-321), CVE-2020-6983 / CNVD-2020-13512	Using a hard-coded cryptographic key increases the possibility that confidential data can be recovered.
5	Use of a hard-coded password (CWE-798), CVE-2020-6985 / CNVD-2020-13513	A user with malicious intent may gain access to the system without proper authentication.
6	Weak password requirements (CWE-521), CVE-2020-6995 / CNVD-2020-13514	A user with malicious intent may try to retrieve credentials by using brute force.
7	Information exposure (CWE-200), CVE-2020-6993 / CNVD-2020-13507	A user with malicious intent could steal sensitive information by performing a zero-day attack.

NPort 5600 Series Serial Device Servers Vulnerabilities

Mon, 12 Aug 2019 18:30:00 GMT

Two product vulnerabilities were identified in Moxa’s NPort 5600 Series Serial Device Servers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Authentication Bypass	An attacker can bypass authentication and gain access to device functions.
2	Insufficient Validation	An attacker can upload unauthorized firmware after gaining access to a device.

NPort IA5450A Series Serial Device Servers Vulnerability

Mon, 12 Aug 2019 18:30:00 GMT

A product vulnerability was identified in Moxa’s NPort IA5450A Series Serial Device Servers. In response to this, Moxa has developed a solution to address the vulnerability

The identified vulnerability type and potential impact is shown below:

Item	Vulnerability Type	Impact
1	Information Leak / Disclosure	An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow information to be exposed.

EDS-405A Series, EDS-408A Series, EDS-510A Series, and IKS-G6824A Series Ethernet Switches Vulnerabilities

Fri, 01 Feb 2019 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s EDS-405A Series, EDS-408A Series, EDS-510A Series, and IKS-G6824A Series Ethernet Switches. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

EDS-405A Series, EDS-408A Series, and EDS-510A Series

Item	Vulnerability Type	Impact
1	Plain text storage of a password (CVE-2019-6518)	Moxa EDS industrial switches store plaintext passwords, which would be exposed by read raw configuration function of proprietary protocol.
2	Predictable session ID (CVE-2019-6563)	Moxa EDS industrial switches web server cookie value is not generated with proper encryption. Therefore, an attacker can still reuse it to recover the administrator's password. Note: EDS-510A users do not need to upgrade the patched firmware; please visit the Solutions section for the mitigation.
3	Missing encryption of sensitive data (CVE-2019-6526)	The proprietary management protocols that are used by Moxa EDS industrial switches may be exploited to reveal an administrative password.
4	Improper restriction of excessive authentication attempts (CVE-2019-6524)	Moxa EDS industrial switches do not implement sufficient measures to prevent multiple failed authentication attempts, which makes the switches susceptible to brute force attacks.
5	Resource exhaustion (CVE-2019-6559)	Moxa EDS industrial switches use proprietary protocols, which allow authenticated users with remote access to cause a denial of service via a specially crafted packet.

IKS-G6824A Series

Item	Vulnerability Type	Impact
1	Buffer overflow in account setting parameters (CVE-2019-6557)	Improper calculation of length of cookie value leads to stack overflow, which gives an attacker an ability to cause device reboot or perform code execution.
2	Buffer overflow in multiple parameters (CVE-2019-6557)	Several buffer overflow vulnerabilities can be caused by copying the unregulated contents of specific parameters, which in turn may allow remote code execution or cause device reboot.
3	Read device memory (CVE-2019-6522)	Failure to properly check array bounds gives attackers the ability to read device memory on arbitrary addresses.
4	Failure to handle corrupted OSPF packets (CVE-2019-6559)	Sending malformed OSPF Hello packets to a vulnerable device results in the device rebooting after 2 or 3 minutes.
5	Multiple XSS (CVE-2019-6565)	Failure to properly validate user input gives unauthenticated and authenticated attackers the ability to perform XSS attacks on users.
6	Improper web interface access control (CVE-2019-6520)	The switch has a management web interface. However, the authority is not properly checked from the server side, which results in read-only users being able to alter configurations.
7	Cross-Site Request Forgery (CVE-2019-6561)	Cross-Site Request Forgery (CSRF) occurs when an attacker uses a web browser that has already been authenticated by a user to target a web application.

NPort W2150A/NPort W2250A Serial Device Servers Vulnerabilities

Thu, 13 Dec 2018 00:00:00 GMT

Multiple product vulnerabilities were identified in NPort W2150A and NPort W2250A Serial Device Servers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Authenticated OS Command Injection (CVE-2018-19659)	Web server ping function can allow users with administrative privileges to circumvent the Linux operating system's user access controls.
2	Authenticated OS Command Injection (CVE-2018-19660)	Web server WLAN profile properties function can allow users with administrative privileges to circumvent the Linux operating system's user access controls.

Moxa’s Response Regarding the Libssh Authentication Bypass Vulnerability

Tue, 27 Nov 2018 00:00:00 GMT

A vulnerability has been found in libssh’s server-side state machine in versions 0.7.6 and 0.8.4 and prior. This vulnerability (CVE-2018-10933) is due to improper authentication operation and it allows a remote attacker to bypass authentication on the target system.

Moxa has investigated and has not found any products that are affected by these vulnerabilities.

Moxa's Cyber Security Response Team (CSRT) will keep monitoring the situation and if there are any updates to the status of the vulnerabilities and it would affect Moxa's products, an update will be provided immediately.

ThingsPro 2 Series System Software Vulnerabilities

Wed, 17 Oct 2018 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s ThingsPro 2 Series System Software. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	User enumeration	A remote attacker can find valid users in web applications and use brute force to exploit this vulnerability to find the corresponding password.
2	User privilege escalation	The exploitation of this vulnerability allows the remote attacker to gain more privileges.
3	Broken access control	The exploitation of this vulnerability allows the remote attacker to gain more privileges.
4	The server does not require the old password when changing the password	It is too easy for a remote attacker to change the password.
5	Cleartext storage of sensitive information	The remote attacker can guess the token permissions.
6	Privilege escalation exists on hidden token	The remote attacker could gain root privileges and execute commands by accessing the hidden token API.
7	Remote code execution	The remote attacker can use this to inject strings and force the server to run additional commands.

EDR-810 Series Secure Router Vulnerability

Fri, 21 Sep 2018 00:00:00 GMT

A product vulnerability was identified in Moxa’s EDR-810 Series Secure Router. In response to this, Moxa has developed related solutions to address this vulnerability.

The identified vulnerability type and potential impact are shown below:

Item	Vulnerability Type	Impact
1	A command injection vulnerability in the web server function	The application allows remote attackers to execute arbitrary OS commands with root privilege via the CA name parameter to the /xml/net_WebCADELETEGetValue URI.

Moxa’s Response Regarding the Intel Management Engine Vulnerability

Thu, 09 Aug 2018 00:00:00 GMT

In May 2017, researchers announced a vulnerability whereby an attacker who should not have access to a network could gain system privileges to provision Intel manageability SKUs and a local attacker could then provision manageability features to gain network or local system privileges on Intel manageability SKUs.

CVE-2017-5689

In the second half of 2017, researchers identified multiple vulnerabilities that are related to the Intel Management Engine.

CVE-2017-5705

CVE-2017-5708

CVE-2017-5711

CVE-2017-5712

In response to these vulnerabilities, Intel released a patch management engine firmware for all its platforms. Moxa has identified which of our products have been affected and issued a firmware upgrade. Any products that are not listed will not be affected by the aforementioned vulnerabilities. We recommend that people who have purchased the affected products get assistance through Moxa Global Customer Service and update to the latest BIOS.

NPort 5200 Series Serial Device Server Vulnerability

Tue, 07 Aug 2018 00:00:00 GMT

A product vulnerability was identified in Moxa’s NPort 5200 Series Serial Device Server. In response to this, Moxa has developed related solution to address this vulnerability.

The identified vulnerability type and potential impact are shown below:

Item	Vulnerability Type	Impact
1	Uncontrolled Resource Consumption	The amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition

EDS-G508E Series, EDS-G512E Series, and EDS-G516E Series Ethernet Switch Vulnerabilities

Thu, 31 May 2018 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s EDS-G508E Series, EDS-G512E Series, and EDS-G516E Series Ethernet Switch. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Denial of Service	An attacker could remotely manipulate the session ID and disrupt the network communications of Moxa's switch.
2	Cookie Management	Cookies are not secured against being reused
3	Cross-Site Scripting Attack	An attacker could use these flaws to insert a malicious code on to the users' browser or on to the switch.

EDR-810 Series Secure Router Vulnerabilities

Tue, 22 May 2018 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s EDR-810 Series Secure Router. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Web Server Ping Command Injection (TALOS-2017-0472)	A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands to trigger this vulnerability
2	Web RSA Key Generation Command Injection (TALOS-2017-0473)	A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands to trigger this vulnerability.
3	Web Server strcmp Multiple Denial of Service (TALOS-2017-0474)	A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a specified request to trigger this vulnerability.
4	Clear Text Transmission of Password (TALOS-2017-0475)	An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to log in as admin.
5	Web Server URI Denial of Service (TALOS-2017-0476)	An attacker can send a crafted URI to trigger this vulnerability.
6	Web Server Certificate Signing Request Command Injection (TALOS-2017-0477)	A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands to trigger this vulnerability.
7	Web Server Cross-Site Request Forgery (TALOS-2017-0478)	A specially crafted HTTP packet can cause a cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability.
8	Plaintext Password Storage (TALOS-2017-0479)	An attacker with shell access could extract passwords in clear text from the device.
9	Server Agent Information Disclosure (TALOS-2017-0480)	A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability.
10	Web Server Weak Cryptography for Passwords (TALOS-2017-0481)	An attacker could intercept weakly encrypted passwords and could use brute force to break them.
11	Web Server OpenVPN Config Multiple Command Injection (TALOS-2017-0482)	A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands to trigger this vulnerability.
12	Service Agent Multiple Denial of Service (TALOS-2017-0487)	A specially crafted packet can cause a denial of service.

AWK-3131A Series Wireless AP/Bridge/Client Vulnerability

Mon, 16 Apr 2018 00:00:00 GMT

A product vulnerability was identified in Moxa’s AWK-3131A Series Wireless AP/bridge/client. In response to this, Moxa has developed related solution to address these vulnerability.

The identified vulnerability type and potential impact are shown below:

Item	Vulnerability Type	Impact
1	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	Attackers could perform unauthorized commands, which could then be used to disable the software, or read and modify data for which the attacker should not have permission to access.

OnCell G3100-HSPA Series Cellular Gateway/Router Vulnerabilities

Tue, 13 Mar 2018 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s OnCell G3100-HSPA Series Cellular Gateway/Router. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Reliance on cookies without validation and integrity checking	The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.
2	Improper handling of length parameter inconsistency	An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.
3	Null pointer dereference	The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack.

MXview Series Network Management Software Vulnerability

Tue, 13 Mar 2018 00:00:00 GMT

A product vulnerability was identified in Moxa’s MXview Series Network Management Software. In response to this, Moxa has developed related solution to address this vulnerability.

The identified vulnerability type and potential impact are shown below:

Item	Vulnerability Type	Impact
1	Unquoted search path or element (CWE-428), CVE-2017-14030	The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.

Moxa’s Response Regarding the CPU Hardware Vulnerability to Side-Channel Attacks (Meltdown & Spectre)

Tue, 16 Jan 2018 00:00:00 GMT

In January 2018, researchers announced vulnerabilities that can corrupt the implementation of speculative execution of instructions on microprocessor architectures to perform side-channel information disclosure attacks.

CVE-2017-5753 (Spectre)
CVE-2017-5715 (Spectre)
CVE-2017-5754 (Meltdown)

The vulnerabilities could allow an attacker to read information on the microprocessors or memory allocated on the operating system kernel.

To take advantage of these vulnerabilities, the attacker must be able to run a malicious custom code on a device. The vast majority of Moxa's products are not vulnerable since they operate on closed systems that do not allow custom codes to be run on the devices.

Moxa's devices that use a computer platform which includes microprocessors that could be targeted may be considered vulnerable even if they are not directly affected by the vulnerabilities. Vendors of microprocessors and operating systems are releasing updates that help mitigate these vulnerabilities. Moxa will also release updates for these products based on the vendor's suggestions.

Moxa's Cyber Security Response Team (CSRT) is fully engaged in this matter and we are taking appropriate action. If there are any updates to the status of the vulnerabilities or how these affect Moxa's products, we will provide an update immediately.

Moxa’s Response Regarding the Key Reinstallation Attacks (KRACKs) Vulnerability

Fri, 27 Oct 2017 00:00:00 GMT

On October 2017, security vulnerabilities were disclosed in WPA2 (Wi-Fi protected Access II), which made it possible for a user to eavesdrop on Wi-Fi traffic that utilized WPA2. An attacker within the wireless range of a Wi-Fi network can exploit these vulnerabilities using key reinstallation attacks (KRACKs).

Moxa's Cyber Security Response Team (CSRT) is fully engaged in this matter and we are taking appropriate action. Our team has been working with all of our product teams to determine which models have been affected.

Moxa AWK-3131A Wireless AP/Bridge/Client Vulnerabilities

Mon, 10 Apr 2017 10:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s AWK-3131A Series Wireless AP/Bridge/Client. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Web application nonce reuse vulnerability (CWE-613) TALOS-2016-0225, CVE-2016-8712	A session token is able to be reused for attackers to log in.
2	Web application cleartext transmission of password vulnerability (CWE-640) TALOS-2016-0230, CVE-2016-8716	Users without authorized access can intercept password transmission traffic through the web console and obtain valid credentials.
3	Hard-coded administrator credentials vulnerability (CWE-798) TALOS-2016-0231, CVE-2016-8717	An authorized administrator cannot modify or remove the backdoor account, which gives attackers the opportunity to control affected devices.
4	Web application cross-site request forgery vulnerability (CWE-352) TALOS-2016-0232, CVE-2016-8718	An authenticated admin or user is able to execute arbitrary commands through the web console.
5	Web application multiple reflected cross-site scripting vulnerabilities (CWE-79) TALOS-2016-0233, CVE-2016-8719	An authenticated admin or user is able to execute malicious script in a web browser.
6	Web application HTTP header injection vulnerability (CWE-74) TALOS-2016-0234, CVE-2016-8720	An authenticated admin or user can inject a payload into a specific parameter, which will be copied into the Location header of the HTTP response.
7	Web application ping command injection vulnerability (CWE-78) TALOS-2016-0235, CVE-2016-8721	An authenticated admin or user is able to execute arbitrary commands through the web console.
8	Web application information disclosure vulnerability (CWE-200) TALOS-2016-0236, CVE-2016-8722	An unauthorized user is able to retrieve sensitive information through a specific URL.
9	Web application denial of service vulnerability (CWE-476) TALOS-2016-0237, CVE-2016-8723	Unexpected HTTP request has the potential to crash the device’s web server.
10	Sensitive information disclosure vulnerability (CWE-200) TALOS-2016-0238, CVE-2016-8724	Potentially sensitive information is accessible through a freely-available Windows application or by using customized scripts.
11	Web application information disclosure vulnerability (CWE-200) TALOS-2016-0239, CVE-2016-8725	An unauthorized user is able to retrieve sensitive information through a specific URL.
12	Web application denial of service vulnerability (CWE-476) TALOS-2016-0240, CVE-2016-8726	Unexpected HTTP request has the potential to crash the device’s web server.
13	Web Application information disclosure vulnerability (CWE-200) TALOS-2016-0241, CVE-2016-8727	An unauthorized user is able to retrieve sensitive information through a specific URL.

OnCell G3470A-LTE Series Cellular Gateway Vulnerabilities

Fri, 14 Oct 2016 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s OnCell G3470A-LTE Series Cellular Gateway. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Authorization bypass	Unauthorized users could download log files and SNMP MIB files by accessing a specific URL.
2	Disclosed OS command	Authenticated admins or users are able to execute arbitrary commands by web console.

AWK Series, TAP Series, and WAC Series Wireless AP/Bridge/Client Vulnerabilities

Fri, 14 Oct 2016 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s AWK Series, TAP Series, and WAC Series Wireless AP/Bridge/Client. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Authorization bypass	Unauthorized users could download log files and SNMP MIB files by accessing a specific URL.
2	Disclosed OS command	Authenticated admins or users are able to execute arbitrary commands by web console.

ioLogik E1200 Series and ioLogik E2200 Series Controllers and I/O Vulnerabilities

Fri, 19 Aug 2016 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s ioLogik E1200 Series and ioLogik E2200 Series Controllers and I/O. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Multiple Stored Cross Site Scripting - XSS (CWE-79), CVE-2016-8359	An authenticated user can execute arbitrary code from the web console.
2	Password sent via HTTP GET method (CWE-522), CVE-2016-8372	In the HTTP web console, the password is not encrypted during the HTTP get request.
3	Password truncation (CWE-521), CVE-2016-8379	With a brute force attack tool, it is possible to guess simple passwords. (e.g. password 12345678 or abcd1234)
4	Missing CSRF Protection (CWE-352), CVE-2016-8350	An attacker may send requests by making a legitimate user click on a link.

MiiNePort E1/E2/E3 Series Serial Device Server Vulnerabilities

Fri, 01 Jul 2016 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s E1/E2/E3 Series Serial Device Server. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Clear text storage of sensitive information	Disclosure of sensitive information
2	Cross-site request forgery	Unverified HTTP requests may allow atacker to trick user into making unintentional request
3	Weak credential management	Authentication bypass for administration

MGate MB3000 Series, MGate 5100 Series, and MGate W5000 Series Protocol Gateway Vulnerabilities

Wed, 01 Jun 2016 10:00:00 GMT

A product vulnerability was identified in Moxa’s MGate MB3000 Series, MGate 5100 Series, and MGate W5000 Series Protocol Gateway. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Authorization bypass (CWE-287), CVE-2016-5804	An attacker could use brute force to find a static Call ID from a cookie and bypass the authentication.

NPort 5000 Series, and NPort 6000 Series Serial Device Server Vulnerabilities

Fri, 15 Apr 2016 00:00:00 GMT

Multiple product vulnerabilities were identified in Moxa’s NPort 5000 Series, and NPort 6000 Series Serial Device Server. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item	Vulnerability Type	Impact
1	Unauthenticated retrievable sensitive account information	Ensure that passwords have been enabled.
2	Unauthenticated remote firmware update	Ensure that passwords have been enabled.
3	Buffer overflow	Setup access control to devices to prevent any un-authorized access from those taking advantage of the vulnerability.
4	Cross-site scription	Setup access control to devices to prevent any un-authorized access from those taking advantage of the vulnerability.
5	Cross-site request forgery	Setup access control to devices to prevent any un-authorized access from those taking advantage of the vulnerability.

Moxa’s Response Regarding SSLv2 Vulnerabilities (DROWN, CVE-2016-0800)

Thu, 31 Mar 2016 10:00:00 GMT

Moxa has verified that some of its products are impacted by the SSLv2 vulnerability, CVE-2016-0800. Also known as “DROWN” vulnerability, this vulnerability could allow data, including passwords and encryption keys, to be read from affected systems.

Moxa's Cyber Security Response Team (CSRT) is fully engaged in this matter and we are taking appropriate action. If there are any updates to the status of the vulnerabilities or how these affect Moxa's products, we will provide an update immediately.

Moxa’s Response Regarding the GNU Glibc Gethostbyname Function Buffer Overflow Vulnerability (GHOST, CVE-2015-0235)

Tue, 05 May 2015 00:00:00 GMT

According to ICS-CERT, the “GHOST" vulnerability (CVE-2015-0235) in the “glibc” library could affect industrial systems. An authenticated local administrator could cause a denial of service of the targeted system by exploiting this vulnerability.

ICS-CERT recommends the three following general defensive measures to protect against this and other cybersecurity risks:

Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

Moxa’s Response Regarding the GNU Bourne-Again Shell (Bash) Vulnerability (Shellshock)

Tue, 07 Oct 2014 00:00:00 GMT

Moxa has verified that some of its products are impacted by the GNU Bourne-Again Shell (Bash) vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE 2014-6278). Also known as “Shellshock,” this vulnerability could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system.

Moxa’s Response Regarding the Open SSL Vulnerability (Heartbleed, CVE-2014-0160)

Wed, 16 Apr 2014 00:00:00 GMT

Moxa has verified that none of its products are impacted by the Open SSL vulnerability CVE-2014-0160. Also known as Heartbleed, this vulnerability could allow data, including passwords and encryption keys, to be read from affected systems.