CVE-2019-19707
https://notcve.org/view.php?id=CVE-2019-19707
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets. • https://www.moxa.com/en/support/support/security-advisory/eds-g508e-g512e-g516e-series-ethernet-switches-vulnerabilities •
CVE-2019-10963 – Moxa EDR-810 - Command Injection / Information Disclosure
https://notcve.org/view.php?id=CVE-2019-10963
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user. Moxa EDR-810 suffers from command injection and information disclosure vulnerabilities. • https://www.exploit-db.com/exploits/47536 http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html https://www.us-cert.gov/ics/advisories/icsa-19-274-03 • CWE-321: Use of Hard-coded Cryptographic Key •
CVE-2019-10969 – Moxa EDR-810 - Command Injection / Information Disclosure
https://notcve.org/view.php?id=CVE-2019-10969
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. Moxa EDR-810 suffers from command injection and information disclosure vulnerabilities. • https://www.exploit-db.com/exploits/47536 http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html https://www.us-cert.gov/ics/advisories/icsa-19-274-03 • CWE-20: Improper Input Validation •
CVE-2018-11420
https://notcve.org/view.php?id=CVE-2018-11420
There is memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prior, a different vulnerability than CVE-2018-11423. • https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-101.md • CWE-787: Out-of-bounds Write •
CVE-2018-11421
https://notcve.org/view.php?id=CVE-2018-11421
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator's password. Under certain conditions, it's also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages. • https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md • CWE-319: Cleartext Transmission of Sensitive Information •