CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28697 – Moxa MiiNePort E1 - Broken Access Control
https://notcve.org/view.php?id=CVE-2023-28697
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service. • https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9344
https://notcve.org/view.php?id=CVE-2016-9344
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. Ha sido descubierto un problema en Moxa MiiNePort E1 versiones anteriores a 1.8, E2 versiones anteriores a 1.4 y E3 versiones anteriores a 1.1. Un atacante puede ser capaz de forzar una cookie de sesión activa para poder descargar archivos de configuración. • http://www.securityfocus.com/bid/94783 https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9346
https://notcve.org/view.php?id=CVE-2016-9346
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. Ha sido descubierto un problema en Moxa MiiNePort E1 versiones anteriores a 1.8, E2 versiones anteriores a 1.4 y E3 versiones anteriores a 1.1. Los datos de configuración son almacenados en un archivo que no está cifrado. • http://www.securityfocus.com/bid/94783 https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01 • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2016-2285
https://notcve.org/view.php?id=CVE-2016-2285
Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en dispositivos Moxa MiiNePort_E1_4641 con firmware 1.1.10 Build 09120714, dispositivos MiiNePort_E1_7080 con firmware 1.1.10 Build 09120714, dispositivos MiiNePort_E2_1242 con firmware 1.1 Build 10080614, dispositivos MiiNePort_E2_4561 con firmware 1.1 Build 10080614 y dispositivos MiiNePort E3 con firmware 1.0 Build 11071409 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://seclists.org/fulldisclosure/2016/May/7 https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2016-2286
https://notcve.org/view.php?id=CVE-2016-2286
Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors. Dispositivos Moxa MiiNePort_E1_4641 con firmware 1.1.10 Build 09120714, dispositivos MiiNePort_E1_7080 con firmware 1.1.10 Build 09120714, dispositivos MiiNePort_E2_1242 con firmware 1.1 Build 10080614, dispositivos MiiNePort_E2_4561 con firmware 1.1 Build 10080614 y dispositivos MiiNePort E3 con firmware 1.0 Build 11071409 tienen una contraseña en blanco por defecto, lo que permite a atacantes remotos obtener acceso a través de vectores no especificados. • http://seclists.org/fulldisclosure/2016/May/7 https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01 • CWE-287: Improper Authentication •