CVSS: 3.3EPSS: 0%CPEs: 52EXPL: 0CVE-2016-9348
https://notcve.org/view.php?id=CVE-2016-9348
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. A configuration file contains parameters that represent passwords in plaintext. Ha sido descubierto un problema en Moxa NPort 5110 versiones anteriores a 2.6, NPort 5130/5150 Series versiones anteriores a 3.6, NPort 5200 Series versiones anteriores a 2.8, NPort 5400 Series versiones anteriores a 3.11, NPort 5600 Series versiones anteriores a 3.7, NPort 5100A Series & NPort P5150A versiones anteriores a 1.3, NPort 5200A Series versiones anteriores a 1.3, NPort 5150AI-M12 Series versiones anteriores a 1.2, NPort 5250AI-M12 Series versiones anteriores a 1.2, NPort 5450AI-M12 Series versiones anteriores a 1.2, NPort 5600-8-DT Series versiones anteriores a 2.4, NPort 5600-8-DTL Series versiones anteriores a 2.4, NPort 6x50 versiones anteriores a 1.13.11, NPort IA5450A versiones anteriores a v1.4. Un archivo de configuración contiene parámetros que representan contraseñas en texto plano. • http://www.securityfocus.com/bid/85965 https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8346
https://notcve.org/view.php?id=CVE-2016-8346
An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). Ha sido descubierto un problema en Moxa EDR-810 Industrial Secure Router. Accediendo a un localizador de recursos uniforme (URL) específico en el servidor web, un usuario malintencionado puede acceder a los archivos de configuración y de registro (PRIVILEGE ESCALATION). • http://www.securityfocus.com/bid/93800 https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2016-8360 – Moxa SoftCMS AspWebServer URL Processing Double Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-8360
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code. Ha sido descubierto un problema en las versiones de Moxa SoftCMS anteriores a la versión 1.6. Una solicitud de URL especialmente manipulada enviada al SoftCMS ASP Webserver puede provocar una doble condición libre en el servidor permitiendo a un atacante modificar ubicaciones de memoria y posiblemente provocar una denegación de servicio o la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. • http://www.securityfocus.com/bid/94394 https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02 • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5793
https://notcve.org/view.php?id=CVE-2016-5793
Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. Vulnerabilidad de ruta de búsqueda sin entrecomillar en Windows en Moxa Active OPC Server en versiones anteriores a 2.4.19 permite a usuarios locales obtener privilegios a través de un archivo troyano ejecutable en el directorio %SYSTEMDRIVE%. • http://www.securityfocus.com/bid/93046 https://ics-cert.us-cert.gov/advisories/ICSA-16-264-01 • CWE-428: Unquoted Search Path or Element •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2016-5799
https://notcve.org/view.php?id=CVE-2016-5799
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. Dispositivos Moxa OnCell G3100V2 en versiones anteriores a 2.8 y dispositivos G3111, G3151, G3211 y G3251 en versiones anteriores a 1.7 no restringen adecuadamente intentos de autenticación, lo que facilita a atacantes remotos obtener acceso a través de un ataque de fuerza bruta. • http://www.securityfocus.com/bid/92606 https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01 • CWE-285: Improper Authorization •