1 |
Cleartext Transmission of Sensitive Information (CWE-319)
CVE-2022-40693 |
A cleartext transmission vulnerability exists in the web application functionality of Moxa’s SDS-3008 Series Industrial Ethernet switch v2.1. A specially crafted network sniffing tool can lead to disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. |
2 |
Insufficient Resource Pool (CWE-410)
CVE-2022-40224 |
A denial-of-service vulnerability exists in the web server functionality of Moxa’s SDS-3008 Series Industrial Ethernet switch v2.1. A specially crafted HTTP message header can lead to a denial-of-service attack. An attacker can send an HTTP request to trigger this vulnerability. |
3 |
Improper Neutralization of Input During Web Page Generation (CWE-79)
CVE-2022-41311, CVE-2022-41312, CVE-2022-41313 |
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa’s SDS-3008 Series Industrial Ethernet switch v2.1. A specially crafted HTTP request can lead to arbitrary JavaScript code being executed. An attacker can send an HTTP request to trigger this vulnerability. |
4 |
Information Exposure (CWE-200)
CVE-2022-40691 |
An information disclosure vulnerability exists in the web application functionality of Moxa’s SDS-3008 Series Industrial Ethernet switch v2.1. A specially crafted HTTP request can lead to disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. |