Search

Find a vulnerability

Search criteria

    21 vulnerabilities found for MXsecurity by Moxa

    CERTFR-2025-AVI-1090

    Vulnerability from certfr_avis - Published: 2025-12-10 - Updated: 2025-12-10

    Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Moxa MXsecurity MXsecurity Series versions antérieures à 2.3.1
    References
    Bulletin de sécurité Moxa MPSA-252631 2025-12-10 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "MXsecurity Series versions ant\u00e9rieures \u00e0 2.3.1",
          "product": {
            "name": "MXsecurity",
            "vendor": {
              "name": "Moxa",
              "scada": true
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-9315",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9315"
        }
      ],
      "initial_release_date": "2025-12-10T00:00:00",
      "last_revision_date": "2025-12-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1090",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-12-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Moxa. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
      "title": "Vuln\u00e9rabilit\u00e9 dans les produits Moxa",
      "vendor_advisories": [
        {
          "published_at": "2025-12-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Moxa MPSA-252631",
          "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-252631-cve-2025-9315-unauthenticated-device-registration-vulnerability-in-mxsecurity-series"
        }
      ]
    }

    CERTFR-2023-AVI-0708

    Vulnerability from certfr_avis - Published: 2023-09-01 - Updated: 2023-09-01

    De multiples vulnérabilités ont été découvertes dans Moxa MXSecurity. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Moxa MXsecurity Moxa séries MXsecurity versions antérieures à 1.1.0
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Moxa s\u00e9ries MXsecurity versions ant\u00e9rieures \u00e0 1.1.0",
          "product": {
            "name": "MXsecurity",
            "vendor": {
              "name": "Moxa",
              "scada": true
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-39980",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39980"
        },
        {
          "name": "CVE-2023-39983",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39983"
        },
        {
          "name": "CVE-2023-39981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39981"
        },
        {
          "name": "CVE-2023-39979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39979"
        },
        {
          "name": "CVE-2023-39982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39982"
        }
      ],
      "initial_release_date": "2023-09-01T00:00:00",
      "last_revision_date": "2023-09-01T00:00:00",
      "links": [],
      "reference": "CERTFR-2023-AVI-0708",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2023-09-01T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eMoxa MXSecurity\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moxa MXSecurity",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Moxa MPSA-230403 du 01 septembre 2023",
          "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
        }
      ]
    }

    CERTFR-2023-AVI-0204

    Vulnerability from certfr_avis - Published: 2023-03-08 - Updated: 2023-05-25

    Une vulnérabilité a été découverte dans Moxa MXsecurity. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité et une exécution de code arbitraire à distance.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Moxa MXsecurity MXsecurity versions antérieures à 1.0.1
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "MXsecurity versions ant\u00e9rieures \u00e0 1.0.1",
          "product": {
            "name": "MXsecurity",
            "vendor": {
              "name": "Moxa",
              "scada": true
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-33236",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33236"
        },
        {
          "name": "CVE-2023-33235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-33235"
        }
      ],
      "initial_release_date": "2023-03-08T00:00:00",
      "last_revision_date": "2023-05-25T00:00:00",
      "links": [],
      "reference": "CERTFR-2023-AVI-0204",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2023-03-08T00:00:00.000000"
        },
        {
          "description": "Ajout identifiants CVE.",
          "revision_date": "2023-05-25T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eMoxa\nMXsecurity\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9 et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
      "title": "Vuln\u00e9rabilit\u00e9 dans Moxa MXsecurity",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Moxa MPSA-230301 du 08 mars 2023",
          "url": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities"
        }
      ]
    }

    CVE-2024-4740 (GCVE-0-2024-4740)

    Vulnerability from nvd – Published: 2024-10-18 08:21 – Updated: 2024-10-18 14:38
    VLAI
    Title
    MXsecurity Use of Hard-coded Credentials
    Summary
    MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.1.0 (custom)
    Create a notification for this product.
    moxa mxsecurity Affected: 1.0 , ≤ 1.1.0 (custom)
        cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Sean Cai Chris Huang
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mxsecurity",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.1.0",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4740",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-18T14:36:04.335600Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-18T14:38:21.017Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sean Cai"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Chris Huang"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data."
                }
              ],
              "value": "MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-191",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-191: Read Sensitive Constants Within an Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-18T08:21:15.659Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMoxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eMXsecurity: Please upgrade to the firmware version 2.2.0 or higher via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netsecuritylicense.moxa.com/Account/Login\"\u003eMoxa Software Licensing Portal\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.\n\n  *  MXsecurity: Please upgrade to the firmware version 2.2.0 or higher via the  Moxa Software Licensing Portal https://netsecuritylicense.moxa.com/Account/Login"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Use of Hard-coded Credentials",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eMinimize network exposure to ensure the device is not accessible from the Internet. \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eThe starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.\u202f\u0026nbsp;\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
                }
              ],
              "value": "*  Minimize network exposure to ensure the device is not accessible from the Internet. \n\n\n\n\n\n\n  *  When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \n\n\n\n\n\n\n  *  The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2024-4740",
        "datePublished": "2024-10-18T08:21:15.659Z",
        "dateReserved": "2024-05-10T09:05:35.936Z",
        "dateUpdated": "2024-10-18T14:38:21.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4739 (GCVE-0-2024-4739)

    Vulnerability from nvd – Published: 2024-10-18 08:11 – Updated: 2024-10-18 14:40
    VLAI
    Title
    MXsecurity License Generation Function Disclosure
    Summary
    The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-749 - Exposed Dangerous Method or Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.1.0 (custom)
    Create a notification for this product.
    moxa mxsecurity Affected: 1.0 , ≤ 1.1.0 (custom)
        cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Sean Cai Chris Huang
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mxsecurity",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.1.0",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-18T14:39:37.302578Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-18T14:40:34.104Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sean Cai"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Chris Huang"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource."
                }
              ],
              "value": "The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-36",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-36: Using Unpublished Interfaces or Functionality"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749: Exposed Dangerous Method or Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-18T08:11:04.908Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMoxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eMXsecurity: Please Upgrade to the firmware version 2.2.0 or higher via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netsecuritylicense.moxa.com/Account/Login\"\u003eMoxa Software Licensing Portal\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.\n\n  *  MXsecurity: Please Upgrade to the firmware version 2.2.0 or higher via the  Moxa Software Licensing Portal https://netsecuritylicense.moxa.com/Account/Login"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity License Generation Function Disclosure",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eMinimize network exposure to ensure the device is not accessible from the Internet. \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eThe starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.\u202f\u0026nbsp;\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
                }
              ],
              "value": "*  Minimize network exposure to ensure the device is not accessible from the Internet. \n\n\n\n\n\n\n  *  When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \n\n\n\n\n\n\n  *  The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2024-4739",
        "datePublished": "2024-10-18T08:11:04.908Z",
        "dateReserved": "2024-05-10T09:05:34.287Z",
        "dateUpdated": "2024-10-18T14:40:34.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39983 (GCVE-0-2023-39983)

    Vulnerability from nvd – Published: 2023-09-02 12:37 – Updated: 2024-09-30 20:15
    VLAI
    Title
    MXsecurity Register Database Pollution
    Summary
    A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:18:10.193Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T20:15:36.250221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T20:15:47.058Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-77",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-77: Manipulating User-Controlled Variables"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-915",
                  "description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-02T12:37:12.342Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity: Please upgrade to software v1.1.0 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\n  *  MXsecurity: Please upgrade to software v1.1.0 or higher.\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Register Database Pollution",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-39983",
        "datePublished": "2023-09-02T12:37:12.342Z",
        "dateReserved": "2023-08-08T07:09:59.308Z",
        "dateUpdated": "2024-09-30T20:15:47.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39982 (GCVE-0-2023-39982)

    Vulnerability from nvd – Published: 2023-09-02 12:31 – Updated: 2024-10-28 06:13
    VLAI
    Title
    MXsecurity Hardcoded Credential
    Summary
    A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:18:10.170Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39982",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T20:16:27.945469Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T20:16:40.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-191",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-191: Read Sensitive Constants Within an Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321: Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T06:13:21.724Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity: Please upgrade to software v1.1.0 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\n  *  MXsecurity: Please upgrade to software v1.1.0 or higher."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Hardcoded Credential",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-39982",
        "datePublished": "2023-09-02T12:31:03.492Z",
        "dateReserved": "2023-08-08T07:09:59.308Z",
        "dateUpdated": "2024-10-28T06:13:21.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39981 (GCVE-0-2023-39981)

    Vulnerability from nvd – Published: 2023-09-02 12:25 – Updated: 2024-10-28 06:11
    VLAI
    Title
    MXsecurity Device Information Disclosure
    Summary
    A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:18:10.125Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39981",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T20:17:32.383425Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T20:17:40.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114: Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T06:11:47.253Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity: Please upgrade to software v1.1.0 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\n  *  MXsecurity: Please upgrade to software v1.1.0 or higher."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Device Information Disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-39981",
        "datePublished": "2023-09-02T12:25:12.195Z",
        "dateReserved": "2023-08-08T07:09:59.308Z",
        "dateUpdated": "2024-10-28T06:11:47.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39980 (GCVE-0-2023-39980)

    Vulnerability from nvd – Published: 2023-09-02 12:14 – Updated: 2024-09-27 16:02
    VLAI
    Title
    MXsecurity Authenticated Information Disclosure Due to SQL Injection
    Summary
    A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:18:10.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T14:59:39.961553Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T16:02:36.484Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66: SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-02T12:14:15.692Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity: Please upgrade to software v1.1.0 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\n  *  MXsecurity: Please upgrade to software v1.1.0 or higher.\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Authenticated Information Disclosure Due to SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-39980",
        "datePublished": "2023-09-02T12:14:15.692Z",
        "dateReserved": "2023-08-08T07:09:59.307Z",
        "dateUpdated": "2024-09-27T16:02:36.484Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39979 (GCVE-0-2023-39979)

    Vulnerability from nvd – Published: 2023-09-02 12:05 – Updated: 2024-09-30 20:18
    VLAI
    Title
    MXsecurity Authentication Bypass
    Summary
    There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.  
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-334 - Small Space of Random Values
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:18:10.246Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39979",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T20:18:07.436345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T20:18:16.494Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.\u0026nbsp;\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.\u00a0\u00a0\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112: Brute Force"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-334",
                  "description": "CWE-334: Small Space of Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-02T12:05:48.829Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity: Please upgrade to software v1.1.0 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\n  *  MXsecurity: Please upgrade to software v1.1.0 or higher.\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Authentication Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-39979",
        "datePublished": "2023-09-02T12:05:48.829Z",
        "dateReserved": "2023-08-08T07:09:59.307Z",
        "dateUpdated": "2024-09-30T20:18:16.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33236 (GCVE-0-2023-33236)

    Vulnerability from nvd – Published: 2023-05-22 06:40 – Updated: 2025-01-21 21:44
    VLAI
    Title
    MXsecurity Hardcoded Credential Vulnerability
    Summary
    MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33236",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T21:44:36.445689Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T21:44:46.274Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-70",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-22T06:40:22.242Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity Series: Please upgrade to software v1.0.1 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *  MXsecurity Series: Please upgrade to software v1.0.1 or higher.\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Hardcoded Credential Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-33236",
        "datePublished": "2023-05-22T06:40:22.242Z",
        "dateReserved": "2023-05-19T02:30:16.483Z",
        "dateUpdated": "2025-01-21T21:44:46.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33235 (GCVE-0-2023-33235)

    Vulnerability from nvd – Published: 2023-05-22 05:38 – Updated: 2025-01-21 21:45
    VLAI
    Title
    MXsecurity Command Injection Vulnerability
    Summary
    MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.741Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33235",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T21:45:25.324487Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T21:45:49.327Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.\u003c/p\u003e"
                }
              ],
              "value": "MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-22T05:38:29.841Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity Series: Please upgrade to software v1.0.1 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *  MXsecurity Series: Please upgrade to software v1.0.1 or higher.\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Command Injection Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-33235",
        "datePublished": "2023-05-22T05:38:29.841Z",
        "dateReserved": "2023-05-19T02:30:16.483Z",
        "dateUpdated": "2025-01-21T21:45:49.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4740 (GCVE-0-2024-4740)

    Vulnerability from cvelistv5 – Published: 2024-10-18 08:21 – Updated: 2024-10-18 14:38
    VLAI
    Title
    MXsecurity Use of Hard-coded Credentials
    Summary
    MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.1.0 (custom)
    Create a notification for this product.
    moxa mxsecurity Affected: 1.0 , ≤ 1.1.0 (custom)
        cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Sean Cai Chris Huang
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mxsecurity",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.1.0",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4740",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-18T14:36:04.335600Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-18T14:38:21.017Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sean Cai"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Chris Huang"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data."
                }
              ],
              "value": "MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-191",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-191: Read Sensitive Constants Within an Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-18T08:21:15.659Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMoxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eMXsecurity: Please upgrade to the firmware version 2.2.0 or higher via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netsecuritylicense.moxa.com/Account/Login\"\u003eMoxa Software Licensing Portal\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.\n\n  *  MXsecurity: Please upgrade to the firmware version 2.2.0 or higher via the  Moxa Software Licensing Portal https://netsecuritylicense.moxa.com/Account/Login"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Use of Hard-coded Credentials",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eMinimize network exposure to ensure the device is not accessible from the Internet. \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eThe starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.\u202f\u0026nbsp;\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
                }
              ],
              "value": "*  Minimize network exposure to ensure the device is not accessible from the Internet. \n\n\n\n\n\n\n  *  When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \n\n\n\n\n\n\n  *  The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2024-4740",
        "datePublished": "2024-10-18T08:21:15.659Z",
        "dateReserved": "2024-05-10T09:05:35.936Z",
        "dateUpdated": "2024-10-18T14:38:21.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4739 (GCVE-0-2024-4739)

    Vulnerability from cvelistv5 – Published: 2024-10-18 08:11 – Updated: 2024-10-18 14:40
    VLAI
    Title
    MXsecurity License Generation Function Disclosure
    Summary
    The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-749 - Exposed Dangerous Method or Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.1.0 (custom)
    Create a notification for this product.
    moxa mxsecurity Affected: 1.0 , ≤ 1.1.0 (custom)
        cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Sean Cai Chris Huang
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:moxa:mxsecurity:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mxsecurity",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.1.0",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4739",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-18T14:39:37.302578Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-18T14:40:34.104Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sean Cai"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Chris Huang"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource."
                }
              ],
              "value": "The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-36",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-36: Using Unpublished Interfaces or Functionality"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749: Exposed Dangerous Method or Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-18T08:11:04.908Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMoxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eMXsecurity: Please Upgrade to the firmware version 2.2.0 or higher via the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://netsecuritylicense.moxa.com/Account/Login\"\u003eMoxa Software Licensing Portal\u003c/a\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed an appropriate solution to address the vulnerability. The solution for the affected product is shown below.\n\n  *  MXsecurity: Please Upgrade to the firmware version 2.2.0 or higher via the  Moxa Software Licensing Portal https://netsecuritylicense.moxa.com/Account/Login"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity License Generation Function Disclosure",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eMinimize network exposure to ensure the device is not accessible from the Internet. \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eThe starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.\u202f\u0026nbsp;\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
                }
              ],
              "value": "*  Minimize network exposure to ensure the device is not accessible from the Internet. \n\n\n\n\n\n\n  *  When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \n\n\n\n\n\n\n  *  The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2024-4739",
        "datePublished": "2024-10-18T08:11:04.908Z",
        "dateReserved": "2024-05-10T09:05:34.287Z",
        "dateUpdated": "2024-10-18T14:40:34.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39983 (GCVE-0-2023-39983)

    Vulnerability from cvelistv5 – Published: 2023-09-02 12:37 – Updated: 2024-09-30 20:15
    VLAI
    Title
    MXsecurity Register Database Pollution
    Summary
    A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:18:10.193Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T20:15:36.250221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T20:15:47.058Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-77",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-77: Manipulating User-Controlled Variables"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-915",
                  "description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-02T12:37:12.342Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity: Please upgrade to software v1.1.0 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\n  *  MXsecurity: Please upgrade to software v1.1.0 or higher.\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Register Database Pollution",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-39983",
        "datePublished": "2023-09-02T12:37:12.342Z",
        "dateReserved": "2023-08-08T07:09:59.308Z",
        "dateUpdated": "2024-09-30T20:15:47.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39982 (GCVE-0-2023-39982)

    Vulnerability from cvelistv5 – Published: 2023-09-02 12:31 – Updated: 2024-10-28 06:13
    VLAI
    Title
    MXsecurity Hardcoded Credential
    Summary
    A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:18:10.170Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39982",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T20:16:27.945469Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T20:16:40.675Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-191",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-191: Read Sensitive Constants Within an Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321: Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T06:13:21.724Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity: Please upgrade to software v1.1.0 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\n  *  MXsecurity: Please upgrade to software v1.1.0 or higher."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Hardcoded Credential",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-39982",
        "datePublished": "2023-09-02T12:31:03.492Z",
        "dateReserved": "2023-08-08T07:09:59.308Z",
        "dateUpdated": "2024-10-28T06:13:21.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39981 (GCVE-0-2023-39981)

    Vulnerability from cvelistv5 – Published: 2023-09-02 12:25 – Updated: 2024-10-28 06:11
    VLAI
    Title
    MXsecurity Device Information Disclosure
    Summary
    A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:18:10.125Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39981",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T20:17:32.383425Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T20:17:40.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114: Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T06:11:47.253Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity: Please upgrade to software v1.1.0 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\n  *  MXsecurity: Please upgrade to software v1.1.0 or higher."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Device Information Disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-39981",
        "datePublished": "2023-09-02T12:25:12.195Z",
        "dateReserved": "2023-08-08T07:09:59.308Z",
        "dateUpdated": "2024-10-28T06:11:47.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39980 (GCVE-0-2023-39980)

    Vulnerability from cvelistv5 – Published: 2023-09-02 12:14 – Updated: 2024-09-27 16:02
    VLAI
    Title
    MXsecurity Authenticated Information Disclosure Due to SQL Injection
    Summary
    A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:18:10.194Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T14:59:39.961553Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T16:02:36.484Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66: SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-02T12:14:15.692Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity: Please upgrade to software v1.1.0 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\n  *  MXsecurity: Please upgrade to software v1.1.0 or higher.\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Authenticated Information Disclosure Due to SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-39980",
        "datePublished": "2023-09-02T12:14:15.692Z",
        "dateReserved": "2023-08-08T07:09:59.307Z",
        "dateUpdated": "2024-09-27T16:02:36.484Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39979 (GCVE-0-2023-39979)

    Vulnerability from cvelistv5 – Published: 2023-09-02 12:05 – Updated: 2024-09-30 20:18
    VLAI
    Title
    MXsecurity Authentication Bypass
    Summary
    There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.  
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-334 - Small Space of Random Values
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa MXsecurity Series Affected: 1.0 , ≤ 1.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:18:10.246Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39979",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T20:18:07.436345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T20:18:16.494Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.\u0026nbsp;\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.\u00a0\u00a0\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112: Brute Force"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-334",
                  "description": "CWE-334: Small Space of Random Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-02T12:05:48.829Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity: Please upgrade to software v1.1.0 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected product is shown below.\n  *  MXsecurity: Please upgrade to software v1.1.0 or higher.\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Authentication Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-39979",
        "datePublished": "2023-09-02T12:05:48.829Z",
        "dateReserved": "2023-08-08T07:09:59.307Z",
        "dateUpdated": "2024-09-30T20:18:16.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33236 (GCVE-0-2023-33236)

    Vulnerability from cvelistv5 – Published: 2023-05-22 06:40 – Updated: 2025-01-21 21:44
    VLAI
    Title
    MXsecurity Hardcoded Credential Vulnerability
    Summary
    MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33236",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T21:44:36.445689Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T21:44:46.274Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-70",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-22T06:40:22.242Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity Series: Please upgrade to software v1.0.1 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *  MXsecurity Series: Please upgrade to software v1.0.1 or higher.\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Hardcoded Credential Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-33236",
        "datePublished": "2023-05-22T06:40:22.242Z",
        "dateReserved": "2023-05-19T02:30:16.483Z",
        "dateUpdated": "2025-01-21T21:44:46.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33235 (GCVE-0-2023-33235)

    Vulnerability from cvelistv5 – Published: 2023-05-22 05:38 – Updated: 2025-01-21 21:45
    VLAI
    Title
    MXsecurity Command Injection Vulnerability
    Summary
    MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.741Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33235",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T21:45:25.324487Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T21:45:49.327Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MXsecurity Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.\u003c/p\u003e"
                }
              ],
              "value": "MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-22T05:38:29.841Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003eMXsecurity Series: Please upgrade to software v1.0.1 or higher.\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *  MXsecurity Series: Please upgrade to software v1.0.1 or higher.\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MXsecurity Command Injection Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-33235",
        "datePublished": "2023-05-22T05:38:29.841Z",
        "dateReserved": "2023-05-19T02:30:16.483Z",
        "dateUpdated": "2025-01-21T21:45:49.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }