Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for tn-4900_firmware by moxa

    CVE-2023-34217 (GCVE-0-2023-34217)

    Vulnerability from nvd – Published: 2023-08-17 06:48 – Updated: 2024-10-02 19:58
    VLAI
    Title
    Second Order Command-injection Vulnerability in the Certificate-delete Function
    Summary
    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.277Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34217",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T19:43:12.616230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T19:58:00.223Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TN-5900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TN-4900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.4",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G902 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.17",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G903 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.15",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G9010 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NAT-102 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. "
                }
              ],
              "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. "
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T07:12:20.397Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *    *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n  *  EDR-G9010 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n  *  NAT-102 Series: Please upgrade to firmware  v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources \n\n\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Second Order Command-injection Vulnerability in the Certificate-delete Function",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-34217",
        "datePublished": "2023-08-17T06:48:38.770Z",
        "dateReserved": "2023-05-31T08:58:06.149Z",
        "dateUpdated": "2024-10-02T19:58:00.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34216 (GCVE-0-2023-34216)

    Vulnerability from nvd – Published: 2023-08-17 06:41 – Updated: 2024-10-08 14:10
    VLAI
    Title
    Second Order Command-injection Vulnerability in the Key-delete Function
    Summary
    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34216",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:06:50.997727Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:10:45.108Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TN-5900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TN-4900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.4",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G902 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.17",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G903 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.15",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G9010 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NAT-102 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. "
                }
              ],
              "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. "
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T07:07:09.507Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *    *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n  *  EDR-G9010 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n  *  NAT-102 Series: Please upgrade to firmware  v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources \n\n\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Second Order Command-injection Vulnerability in the Key-delete Function",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-34216",
        "datePublished": "2023-08-17T06:41:41.568Z",
        "dateReserved": "2023-05-31T08:58:06.149Z",
        "dateUpdated": "2024-10-08T14:10:45.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34214 (GCVE-0-2023-34214)

    Vulnerability from nvd – Published: 2023-08-17 02:26 – Updated: 2024-10-28 06:07
    VLAI
    Title
    Second Order Command-injection Vulnerability in the Certificate-generation Function
    Summary
    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa TN-5900 Series Affected: 1.0 , ≤ 3.3 (custom)
    Create a notification for this product.
    Moxa TN-4900 Series Affected: 1.0 , ≤ 1.2.4 (custom)
    Create a notification for this product.
    Moxa EDR-810 Series Affected: 1.0 , ≤ 5.12.27 (custom)
    Create a notification for this product.
    Moxa EDR-G902 Series Affected: 1.0 , ≤ 5.7.17 (custom)
    Create a notification for this product.
    Moxa EDR-G903 Series Affected: 1.0 , ≤ 5.7.15 (custom)
    Create a notification for this product.
    moxa tn-5900 Affected: 1.0 , ≤ 3.3 (custom)
        cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa tn-4900 Affected: 1.0 , ≤ 1.2.4 (custom)
        cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-810 Affected: 1.0 , ≤ 5.12.27 (custom)
        cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-g902 Affected: 1.0 , ≤ 5.7.17 (custom)
        cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-g903 Affected: 1.0 , ≤ 5.7.15 (custom)
        cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.270Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tn-5900",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "3.3",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tn-4900",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.2.4",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr-810",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.12.27",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr-g902",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.7.17",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr-g903",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.7.15",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34214",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T17:30:32.666754Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T17:37:23.351Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TN-5900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TN-4900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.4",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-810 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.12.27",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G902 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.17",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G903 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.15",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
                }
              ],
              "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T06:07:21.645Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *    *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-810 Series: Please upgrade to firmware  v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Second Order Command-injection Vulnerability in the Certificate-generation Function",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-34214",
        "datePublished": "2023-08-17T02:26:05.428Z",
        "dateReserved": "2023-05-31T08:58:06.149Z",
        "dateUpdated": "2024-10-28T06:07:21.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33239 (GCVE-0-2023-33239)

    Vulnerability from nvd – Published: 2023-08-17 02:13 – Updated: 2024-10-28 06:04
    VLAI
    Title
    Second Order Command-injection Vulnerability in the Key-generation Function
    Summary
    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa TN-5900 Series Affected: 1.0 , ≤ 3.3 (custom)
    Create a notification for this product.
    Moxa TN-4900 Series Affected: 1.0 , ≤ 1.2.4 (custom)
    Create a notification for this product.
    Moxa EDR-810 Series Affected: 1.0 , ≤ 5.12.27 (custom)
    Create a notification for this product.
    Moxa EDR-G902 Series Affected: 1.0 , ≤ 5.7.17 (custom)
    Create a notification for this product.
    Moxa EDR-G903 Series Affected: 1.0 , ≤ 5.7.15 (custom)
    Create a notification for this product.
    Moxa EDR-G9010 Series Affected: 1.0 , ≤ 2.1 (custom)
    Create a notification for this product.
    Moxa NAT-102 Series Affected: 1.0 , ≤ 1.0.3 (custom)
    Create a notification for this product.
    moxa edr-g903 Affected: 1.0 , ≤ 5.7.15 (custom)
        cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa tn-5900 Affected: 1.0 , ≤ 3.3 (custom)
        cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa tn-4900 Affected: 1.0 , ≤ 1.2.4 (custom)
        cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-810 Affected: 1.0 , ≤ 5.12.27 (custom)
        cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-g902 Affected: 1.0 , ≤ 5.7.17 (custom)
        cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-g9010 Affected: 1.0 , ≤ 2.1 (custom)
        cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nat-102 Affected: 1.0 , ≤ 1.0.3 (custom)
        cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.750Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "edr-g903",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.7.15",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tn-5900",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "3.3",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tn-4900",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.2.4",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "edr-810",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.12.27",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "edr-g902",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.7.17",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "edr-g9010",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.1",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nat-102",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.0.3",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33239",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T17:56:35.889846Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:03:33.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TN-5900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TN-4900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.4",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-810 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.12.27",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G902 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.17",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G903 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.15",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G9010 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NAT-102 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/p\u003e"
                }
              ],
              "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T06:04:52.923Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cul\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:  *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-810 Series: Please upgrade to firmware  v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n  *  EDR-G9010 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n  *  NAT-102 Series: Please upgrade to firmware  v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Second Order Command-injection Vulnerability in the Key-generation Function",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-33239",
        "datePublished": "2023-08-17T02:13:25.280Z",
        "dateReserved": "2023-05-19T02:30:16.483Z",
        "dateUpdated": "2024-10-28T06:04:52.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33238 (GCVE-0-2023-33238)

    Vulnerability from nvd – Published: 2023-08-17 02:04 – Updated: 2024-10-28 06:03
    VLAI
    Title
    Command-injection Vulnerability in Certificate Management
    Summary
    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa TN-5900 Series Affected: 1.0 , ≤ 3.3 (custom)
    Create a notification for this product.
    Moxa TN-4900 Series Affected: 1.0 , ≤ 1.2.4 (custom)
    Create a notification for this product.
    Moxa EDR-810 Series Affected: 1.0 , ≤ 5.12.27 (custom)
    Create a notification for this product.
    Moxa EDR-G902 Series Affected: 1.0 , ≤ 5.7.17 (custom)
    Create a notification for this product.
    Moxa EDR-G903 Series Affected: 1.0 , ≤ 5.7.15 (custom)
    Create a notification for this product.
    Moxa EDR-G9010 Series Affected: 1.0 , ≤ 2.1 (custom)
    Create a notification for this product.
    Moxa NAT-102 Series Affected: 1.0 , ≤ 1.0.3 (custom)
    Create a notification for this product.
    moxa tn-5900 Affected: 1.0 , ≤ 3.3 (custom)
        cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa tn-4900 Affected: 1.0 , ≤ 1.2.4 (custom)
        cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-810 Affected: 1.0 , ≤ 5.12.27 (custom)
        cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-g902 Affected: 1.0 , ≤ 5.7.17 (custom)
        cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-g9010 Affected: 1.0 , ≤ 2.1 (custom)
        cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nat-102 Affected: 1.0 , ≤ 1.0.3 (custom)
        cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tn-5900",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "3.3",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tn-4900",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.2.4",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr-810",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.12.27",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr-g902",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.7.17",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr-g9010",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.1",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nat-102",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.0.3",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33238",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:05:51.367695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:09:34.491Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TN-5900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TN-4900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.4",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-810 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.12.27",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G902 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.17",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G903 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.15",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G9010 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NAT-102 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/p\u003e"
                }
              ],
              "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T06:03:40.655Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series:\u0026nbsp;Please upgrade to firmware\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-810 Series:\u00a0Please upgrade to firmware  v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n  *  EDR-G902 Series:\u00a0Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series:\u00a0Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n  *  EDR-G9010 Series:\u00a0Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n  *  NAT-102 Series:\u00a0Please upgrade to firmware\u00a0 v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Command-injection Vulnerability in Certificate Management",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-33238",
        "datePublished": "2023-08-17T02:04:50.789Z",
        "dateReserved": "2023-05-19T02:30:16.483Z",
        "dateUpdated": "2024-10-28T06:03:40.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34217 (GCVE-0-2023-34217)

    Vulnerability from cvelistv5 – Published: 2023-08-17 06:48 – Updated: 2024-10-02 19:58
    VLAI
    Title
    Second Order Command-injection Vulnerability in the Certificate-delete Function
    Summary
    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.277Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34217",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T19:43:12.616230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T19:58:00.223Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TN-5900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TN-4900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.4",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G902 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.17",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G903 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.15",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G9010 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NAT-102 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. "
                }
              ],
              "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. "
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T07:12:20.397Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *    *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n  *  EDR-G9010 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n  *  NAT-102 Series: Please upgrade to firmware  v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources \n\n\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Second Order Command-injection Vulnerability in the Certificate-delete Function",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-34217",
        "datePublished": "2023-08-17T06:48:38.770Z",
        "dateReserved": "2023-05-31T08:58:06.149Z",
        "dateUpdated": "2024-10-02T19:58:00.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34216 (GCVE-0-2023-34216)

    Vulnerability from cvelistv5 – Published: 2023-08-17 06:41 – Updated: 2024-10-08 14:10
    VLAI
    Title
    Second Order Command-injection Vulnerability in the Key-delete Function
    Summary
    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34216",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:06:50.997727Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:10:45.108Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TN-5900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TN-4900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.4",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G902 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.17",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G903 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.15",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G9010 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NAT-102 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. "
                }
              ],
              "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. "
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T07:07:09.507Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *    *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n  *  EDR-G9010 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n  *  NAT-102 Series: Please upgrade to firmware  v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources \n\n\n\n\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Second Order Command-injection Vulnerability in the Key-delete Function",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-34216",
        "datePublished": "2023-08-17T06:41:41.568Z",
        "dateReserved": "2023-05-31T08:58:06.149Z",
        "dateUpdated": "2024-10-08T14:10:45.108Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34214 (GCVE-0-2023-34214)

    Vulnerability from cvelistv5 – Published: 2023-08-17 02:26 – Updated: 2024-10-28 06:07
    VLAI
    Title
    Second Order Command-injection Vulnerability in the Certificate-generation Function
    Summary
    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa TN-5900 Series Affected: 1.0 , ≤ 3.3 (custom)
    Create a notification for this product.
    Moxa TN-4900 Series Affected: 1.0 , ≤ 1.2.4 (custom)
    Create a notification for this product.
    Moxa EDR-810 Series Affected: 1.0 , ≤ 5.12.27 (custom)
    Create a notification for this product.
    Moxa EDR-G902 Series Affected: 1.0 , ≤ 5.7.17 (custom)
    Create a notification for this product.
    Moxa EDR-G903 Series Affected: 1.0 , ≤ 5.7.15 (custom)
    Create a notification for this product.
    moxa tn-5900 Affected: 1.0 , ≤ 3.3 (custom)
        cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa tn-4900 Affected: 1.0 , ≤ 1.2.4 (custom)
        cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-810 Affected: 1.0 , ≤ 5.12.27 (custom)
        cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-g902 Affected: 1.0 , ≤ 5.7.17 (custom)
        cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-g903 Affected: 1.0 , ≤ 5.7.15 (custom)
        cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:54.270Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tn-5900",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "3.3",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tn-4900",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.2.4",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr-810",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.12.27",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr-g902",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.7.17",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr-g903",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.7.15",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34214",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T17:30:32.666754Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T17:37:23.351Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TN-5900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TN-4900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.4",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-810 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.12.27",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G902 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.17",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G903 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.15",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
                }
              ],
              "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T06:07:21.645Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *    *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-810 Series: Please upgrade to firmware  v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Second Order Command-injection Vulnerability in the Certificate-generation Function",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-34214",
        "datePublished": "2023-08-17T02:26:05.428Z",
        "dateReserved": "2023-05-31T08:58:06.149Z",
        "dateUpdated": "2024-10-28T06:07:21.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33239 (GCVE-0-2023-33239)

    Vulnerability from cvelistv5 – Published: 2023-08-17 02:13 – Updated: 2024-10-28 06:04
    VLAI
    Title
    Second Order Command-injection Vulnerability in the Key-generation Function
    Summary
    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa TN-5900 Series Affected: 1.0 , ≤ 3.3 (custom)
    Create a notification for this product.
    Moxa TN-4900 Series Affected: 1.0 , ≤ 1.2.4 (custom)
    Create a notification for this product.
    Moxa EDR-810 Series Affected: 1.0 , ≤ 5.12.27 (custom)
    Create a notification for this product.
    Moxa EDR-G902 Series Affected: 1.0 , ≤ 5.7.17 (custom)
    Create a notification for this product.
    Moxa EDR-G903 Series Affected: 1.0 , ≤ 5.7.15 (custom)
    Create a notification for this product.
    Moxa EDR-G9010 Series Affected: 1.0 , ≤ 2.1 (custom)
    Create a notification for this product.
    Moxa NAT-102 Series Affected: 1.0 , ≤ 1.0.3 (custom)
    Create a notification for this product.
    moxa edr-g903 Affected: 1.0 , ≤ 5.7.15 (custom)
        cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa tn-5900 Affected: 1.0 , ≤ 3.3 (custom)
        cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa tn-4900 Affected: 1.0 , ≤ 1.2.4 (custom)
        cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-810 Affected: 1.0 , ≤ 5.12.27 (custom)
        cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-g902 Affected: 1.0 , ≤ 5.7.17 (custom)
        cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-g9010 Affected: 1.0 , ≤ 2.1 (custom)
        cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nat-102 Affected: 1.0 , ≤ 1.0.3 (custom)
        cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.750Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "edr-g903",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.7.15",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tn-5900",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "3.3",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tn-4900",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.2.4",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "edr-810",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.12.27",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "edr-g902",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.7.17",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "edr-g9010",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.1",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "nat-102",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.0.3",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33239",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T17:56:35.889846Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:03:33.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TN-5900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TN-4900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.4",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-810 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.12.27",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G902 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.17",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G903 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.15",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G9010 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NAT-102 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/p\u003e"
                }
              ],
              "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T06:04:52.923Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cul\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:  *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-810 Series: Please upgrade to firmware  v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n  *  EDR-G9010 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n  *  NAT-102 Series: Please upgrade to firmware  v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Second Order Command-injection Vulnerability in the Key-generation Function",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-33239",
        "datePublished": "2023-08-17T02:13:25.280Z",
        "dateReserved": "2023-05-19T02:30:16.483Z",
        "dateUpdated": "2024-10-28T06:04:52.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33238 (GCVE-0-2023-33238)

    Vulnerability from cvelistv5 – Published: 2023-08-17 02:04 – Updated: 2024-10-28 06:03
    VLAI
    Title
    Command-injection Vulnerability in Certificate Management
    Summary
    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Moxa TN-5900 Series Affected: 1.0 , ≤ 3.3 (custom)
    Create a notification for this product.
    Moxa TN-4900 Series Affected: 1.0 , ≤ 1.2.4 (custom)
    Create a notification for this product.
    Moxa EDR-810 Series Affected: 1.0 , ≤ 5.12.27 (custom)
    Create a notification for this product.
    Moxa EDR-G902 Series Affected: 1.0 , ≤ 5.7.17 (custom)
    Create a notification for this product.
    Moxa EDR-G903 Series Affected: 1.0 , ≤ 5.7.15 (custom)
    Create a notification for this product.
    Moxa EDR-G9010 Series Affected: 1.0 , ≤ 2.1 (custom)
    Create a notification for this product.
    Moxa NAT-102 Series Affected: 1.0 , ≤ 1.0.3 (custom)
    Create a notification for this product.
    moxa tn-5900 Affected: 1.0 , ≤ 3.3 (custom)
        cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa tn-4900 Affected: 1.0 , ≤ 1.2.4 (custom)
        cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-810 Affected: 1.0 , ≤ 5.12.27 (custom)
        cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-g902 Affected: 1.0 , ≤ 5.7.17 (custom)
        cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa edr-g9010 Affected: 1.0 , ≤ 2.1 (custom)
        cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*
    Create a notification for this product.
    moxa nat-102 Affected: 1.0 , ≤ 1.0.3 (custom)
        cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tn-5900",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "3.3",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "tn-4900",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.2.4",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr-810",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.12.27",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr-g902",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "5.7.17",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr-g9010",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "2.1",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nat-102",
                "vendor": "moxa",
                "versions": [
                  {
                    "lessThanOrEqual": "1.0.3",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33238",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:05:51.367695Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:09:34.491Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TN-5900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "3.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TN-4900 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.4",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-810 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.12.27",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G902 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.17",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G903 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "5.7.15",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EDR-G9010 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "2.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NAT-102 Series",
              "vendor": "Moxa",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.3",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/p\u003e"
                }
              ],
              "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T06:03:40.655Z",
            "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
            "shortName": "Moxa"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series:\u0026nbsp;Please upgrade to firmware\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-810 Series:\u00a0Please upgrade to firmware  v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n  *  EDR-G902 Series:\u00a0Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series:\u00a0Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n  *  EDR-G9010 Series:\u00a0Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n  *  NAT-102 Series:\u00a0Please upgrade to firmware\u00a0 v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Command-injection Vulnerability in Certificate Management",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "assignerShortName": "Moxa",
        "cveId": "CVE-2023-33238",
        "datePublished": "2023-08-17T02:04:50.789Z",
        "dateReserved": "2023-05-19T02:30:16.483Z",
        "dateUpdated": "2024-10-28T06:03:40.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }