CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4740 – MXsecurity Use of Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2024-4740
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data. Las versiones v1.1.0 y anteriores del software MXsecurity son vulnerables debido al uso de credenciales codificadas. Esta vulnerabilidad podría permitir que un atacante altere datos confidenciales. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4739 – MXsecurity License Generation Function Disclosure
https://notcve.org/view.php?id=CVE-2024-4739
The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource. La falta de restricción de acceso a un recurso por parte de usuarios no autorizados hace que las versiones v1.1.0 y anteriores del software MXsecurity sean vulnerables. Al obtener un autenticador válido, un atacante puede hacerse pasar por un usuario autorizado y acceder al recurso con éxito. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-231878-mxsecurity-series-multiple-vulnerabilities • CWE-749: Exposed Dangerous Method or Function •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39983 – MXsecurity Register Database Pollution
https://notcve.org/view.php?id=CVE-2023-39983
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application. Se ha identificado una vulnerabilidad que supone un riesgo potencial de contaminar la base de datos sqlite de MXsecurity y la interfaz de usuario nsm-web en las versiones de MXsecurity anteriores a la v1.0.1. Esta vulnerabilidad podría permitir a un atacante remoto no autenticado registrar o añadir dispositivos a través de la aplicación nsm-web. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities • CWE-913: Improper Control of Dynamically-Managed Code Resources CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39982 – MXsecurity Hardcoded Credential
https://notcve.org/view.php?id=CVE-2023-39982
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic. Se ha identificado una vulnerabilidad en las versiones de MXsecurity anteriores a la v1.0.1. La vulnerabilidad puede poner en riesgo la confidencialidad e integridad de las comunicaciones SSH en el dispositivo afectado. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39981 – MXsecurity Device Information Disclosure
https://notcve.org/view.php?id=CVE-2023-39981
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker. Se ha descubierto una vulnerabilidad en MXsecurity versiones anteriores a v1.0.1. que permite el acceso no autorizado.Esta vulnerabilidad surge por medidas de autenticación inadecuadas pudiendo llevar potencialmente a la revelación de información del dispositivo por parte de un atacante remoto. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •