CVE-2023-5627 – Incorrect Implementation of Authentication Algorithm Vulnerability
https://notcve.org/view.php?id=CVE-2023-5627
A vulnerability has been identified in the NPort 6000 Series that makes the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-232905-nport-6000-series-incorrect-implementation-of-authentication-algorithm-vulnerability
• CWE-257: Storing Passwords in a Recoverable Format
• CWE-287: Improper Authentication
• CWE-303: Incorrect Implementation of Authentication Algorithm
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-4452 – Web Server Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4452
A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series that makes them vulnerable to denial of service. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger a device reboot.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-234880-edr-810-g902-g903-series-web-server-buffer-overflow-vulnerability
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-4929 – NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability
https://notcve.org/view.php?id=CVE-2023-4929
All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-233328-nport-5000-series-firmware-improper-validation-of-integrity-check-vulnerability
• CWE-354: Improper Validation of Integrity Check Value
CVE-2023-39983 – MXsecurity Register Database Pollution
https://notcve.org/view.php?id=CVE-2023-39983
A vulnerability that poses a potential risk of polluting the MXsecurity SQLite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities
• CWE-913: Improper Control of Dynamically-Managed Code Resources
• CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes
CVE-2023-39982 – MXsecurity Hardcoded Credential
https://notcve.org/view.php?id=CVE-2023-39982
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities
• CWE-321: Use of Hard-coded Cryptographic Key
• CWE-798: Use of Hard-coded Credentials