290 results (0.003 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data. Las versiones v1.1.0 y anteriores del software MXsecurity son vulnerables debido al uso de credenciales codificadas. Esta vulnerabilidad podría permitir que un atacante altere datos confidenciales. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities • CWE-798: Use of Hard-coded Credentials •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource. La falta de restricción de acceso a un recurso por parte de usuarios no autorizados hace que las versiones v1.1.0 y anteriores del software MXsecurity sean vulnerables. Al obtener un autenticador válido, un atacante puede hacerse pasar por un usuario autorizado y acceder al recurso con éxito. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities • CWE-749: Exposed Dangerous Method or Function •

CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0

The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. El producto afectado permite la inyección de comandos del sistema operativo a través de comandos restringidos incorrectamente, lo que potencialmente permite a los atacantes ejecutar código arbitrario. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. El producto afectado carece de una comprobación de autenticación al enviar comandos al servidor a través del servicio Moxa. Esta vulnerabilidad permite a un atacante ejecutar comandos específicos, lo que puede provocar descargas o cargas no autorizadas de archivos de configuración y comprometer el sistema. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-306: Missing Authentication for Critical Function •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •