
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password. • https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application. • http://www.securityfocus.com/bid/100208 • https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. • http://www.securityfocus.com/bid/102494 • https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02 • CWE-428: Unquoted Search Path or Element

CVSS: 9.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. • http://www.securityfocus.com/bid/102254 • https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01 • CWE-255: Credentials Management Errors • CWE-521: Weak Password Requirements

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in an insecure way. There is no salt for password hashing. Indeed, passwords are stored without being ciphered with a timestamped ciphering method. • http://www.securityfocus.com/bid/101966 • https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor