CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-33824
https://notcve.org/view.php?id=CVE-2021-33824
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. Se ha detectado un problema en MOXA Mgate MB3180 Versión 2.1 Build 18113012. Unos atacantes pueden usar la herramienta slowhttptest para enviar peticiones HTTP incompletas, lo que podría hacer que el servidor siga esperando el paquete para finalizar la conexión, hasta que sean agotados sus recursos. • https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33824.md https://github.com/shekyan/slowhttptest https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-33823
https://notcve.org/view.php?id=CVE-2021-33823
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service. Se ha detectado un problema en MOXA Mgate MB3180 Versión 2.1 Build 18113012. Un atacante podría enviar una gran cantidad de paquetes TCP SYN para hacer que los recursos del servicio web sean agotados. • https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33823.md https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-27185
https://notcve.org/view.php?id=CVE-2020-27185
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service. Una transmisión de texto sin cifrar de información confidencial por medio del servicio Moxa en los dispositivos seriales de la serie NPort IA5000A. Una explotación con éxito de la vulnerabilidad podría permitir a los atacantes leer datos de autenticación, la configuración del dispositivo y otros datos confidenciales transmitidos mediante el Servicio Moxa • https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-021%2C https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2020-27184
https://notcve.org/view.php?id=CVE-2020-27184
The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks. Los dispositivos de la serie NPort IA5000A usan Telnet como uno de los servicios de administración de dispositivos de red. Telnet no soporta el cifrado de las comunicaciones cliente-servidor, haciéndolo vulnerable a ataques de tipo Man-in-the-Middle • https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-020%2C https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-27150
https://notcve.org/view.php?id=CVE-2020-27150
In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set. En múltiples versiones de la Serie NPort IA5000A, el resultado de exportar la configuración de un dispositivo contiene las contraseñas de todos los usuarios del sistema y otros datos confidenciales en el formato original si no es ajustado "Pre-shared key" • https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/05/11/klcert-20-019%2C https://www.moxa.com/en/support/product-support/security-advisory/nport-ia5000a-serial-device-servers-vulnerabilities •