CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6518
https://notcve.org/view.php?id=CVE-2019-6518
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. Moxa IKS y EDS almacenan contraseñas en texto plano, lo que podría permitir que alguien con acceso al dispositivo lea información sensible. • http://www.securityfocus.com/bid/107178 https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01 • CWE-256: Plaintext Storage of a Password CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 2CVE-2018-19659
https://notcve.org/view.php?id=CVE-2018-19659
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120. Existe una vulnerabilidad de inyección de comandos explotable en la funcionalidad del servidor web de los productos Moxa NPort W2x50A con firmware en versiones anteriores a la 2.2 Build_18082311. Una petición HTTP POST especialmente manipulada en /goform/net_WebPingGetValue puede resultar en la ejecución de comandos del sistema operativo como usuario root. • http://packetstormsecurity.com/files/150535/Moxa-NPort-W2x50A-2.1-OS-Command-Injection.html http://seclists.org/fulldisclosure/2018/Nov/64 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 2CVE-2018-19660 – Moxa NPort W2x50A 2.1 OS Command Injection
https://notcve.org/view.php?id=CVE-2018-19660
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user. Existe una vulnerabilidad de inyección de comandos explotable en la funcionalidad del servidor web de los productos Moxa NPort W2x50A con firmware en versiones anteriores a la 2.2 Build_18082311. Una petición HTTP POST especialmente manipulada en /goform/webSettingProfileSecurity puede resultar en la ejecución de comandos del sistema operativo como usuario root. Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS command injection vulnerabilities. • http://packetstormsecurity.com/files/150535/Moxa-NPort-W2x50A-2.1-OS-Command-Injection.html http://seclists.org/fulldisclosure/2018/Nov/64 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18392
https://notcve.org/view.php?id=CVE-2018-18392
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Escalado de privilegios mediante control de acceso incorrecto en Moxa ThingsPro IIoT Gateway and Device Management Software Solutions 2.1. • https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-020-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-broken-access-control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18396
https://notcve.org/view.php?id=CVE-2018-18396
Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Ejecución remota de código en Moxa ThingsPro IIoT Gateway and Device Management Software Solutions 2.1. • https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-024-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-remote-code-execution •