CVE-2019-6526
https://notcve.org/view.php?id=CVE-2019-6526
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password.
• https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
• CWE-311: Missing Encryption of Sensitive Data
• CWE-319: Cleartext Transmission of Sensitive Information
CVE-2016-5819
https://notcve.org/view.php?id=CVE-2016-5819
Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7, allow a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server.
• https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-6565
https://notcve.org/view.php?id=CVE-2019-6565
Moxa IKS and EDS fail to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.
• http://www.securityfocus.com/bid/107178
• https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-6563
https://notcve.org/view.php?id=CVE-2019-6563
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.
• http://www.securityfocus.com/bid/107178
• https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
• CWE-341: Predictable from Observable State
• CWE-916: Use of Password Hash With Insufficient Computational Effort
CVE-2019-6561
https://notcve.org/view.php?id=CVE-2019-6561
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
• http://www.securityfocus.com/bid/107178
• https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01
• CWE-352: Cross-Site Request Forgery (CSRF)