CVE-2023-4929 – NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability
https://notcve.org/view.php?id=CVE-2023-4929
All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices. Todas las versiones de firmware de la serie NPort 5000 se ven afectadas por una vulnerabilidad de validación inadecuada de verificación de integridad. Esta vulnerabilidad se debe a comprobaciones insuficientes de las actualizaciones o mejoras del firmware, lo que potencialmente permite que usuarios malintencionados manipulen el firmware y obtengan el control de los dispositivos. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-233328-nport-5000-series-firmware-improper-validation-of-integrity-check-vulnerability • CWE-354: Improper Validation of Integrity Check Value •
CVE-2023-4204 – NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability
https://notcve.org/view.php?id=CVE-2023-4204
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. La versión de firmware 2.2 y anteriores de la serie NPort IAW5000A-I/O se ve afectada por una vulnerabilidad de credencial codificada que representa un riesgo potencial para la seguridad y la integridad del dispositivo afectado. Esta vulnerabilidad se atribuye a la presencia de una clave codificada, que podría facilitar la manipulación del firmware. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230304-nport-iaw5000a-i-o-series-hardcoded-credential-vulnerability • CWE-798: Use of Hard-coded Credentials •
CVE-2020-25196 – MOXA NPort IAW5000A-I/O Series
https://notcve.org/view.php?id=CVE-2020-25196
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. El servidor WEB incorporado para MOXA NPort IAW5000A-I/O versiones de firmware 2.1 o inferiores, permite sesiones SSH/Telnet, que pueden ser vulnerables a ataques de fuerza bruta para omitir una autenticación • https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2020-25153 – MOXA NPort IAW5000A-I/O Series
https://notcve.org/view.php?id=CVE-2020-25153
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. El servicio web incorporado para MOXA NPort IAW5000A-I/O versiones de firmware 2.1 o inferiores, no requiere que usuarios tengan contraseñas seguras • https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01 • CWE-521: Weak Password Requirements •
CVE-2020-25192 – MOXA NPort IAW5000A-I/O Series
https://notcve.org/view.php?id=CVE-2020-25192
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. El servidor WEB incorporado para MOXA NPort IAW5000A-I/O versiones de firmware 2.1 o inferiores, permite que sean mostrada información confidencial sin una debida autorización • https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •