CVSS: 8.7EPSS: 0%CPEs: 49EXPL: 0CVE-2024-7695 – Out-of-bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-7695
29 Jan 2025 — Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches • CWE-787: Out-of-bounds Write •
CVSS: 9.7EPSS: 0%CPEs: 60EXPL: 0CVE-2024-9137 – Moxa Service Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2024-9137
14 Oct 2024 — The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. El producto afectado carece de una comprobación de autenticación al enviar comandos al servidor a través del servicio Moxa. Esta vulnerabilidad permite a un atacante ejecutar comandos específicos, lo que puede provocar descargas o ... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-5035 – Cookie Without Secure Flag
https://notcve.org/view.php?id=CVE-2023-5035
02 Nov 2023 — A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. Se identificó una vulnerabilidad en las versiones de firmware Series PT-G503 anteriores a la v5.2, donde el atributo Seguro para cookies s... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230203-pt-g503-series-multiple-vulnerabilities • CWE-319: Cleartext Transmission of Sensitive Information CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4217 – Session cookies attribute not set properly
https://notcve.org/view.php?id=CVE-2023-4217
02 Nov 2023 — A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. Se identificó una vulnerabilidad en las versiones Series PT-G503 anteriores a la v5.2, donde el atributo de cookies de sesión no está configurado correctamente en la aplicación afectada. La vulnerabilidad puede generar ries... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230203-pt-g503-series-multiple-vulnerabilities • CWE-668: Exposure of Resource to Wrong Sphere CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •