CVE-2016-5812
https://notcve.org/view.php?id=CVE-2016-5812
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file.
• http://www.securityfocus.com/bid/92605 https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5792 – Moxa SoftCMS getcaminfo SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-5792
SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getcaminfo.asp script. When parsing the VWID element, the process fails to properly validate a user-supplied string before using it to construct SQL queries.
• http://www.securityfocus.com/bid/92262 http://www.zerodayinitiative.com/advisories/ZDI-16-463 https://ics-cert.us-cert.gov/advisories/ICSA-16-215-01
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-5804
https://notcve.org/view.php?id=CVE-2016-5804
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
• http://www.securityfocus.com/bid/91777 https://ics-cert.us-cert.gov/advisories/ICSA-16-196-02
• CWE-326: Inadequate Encryption Strength
CVE-2016-4503
https://notcve.org/view.php?id=CVE-2016-4503
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.
• http://www.securityfocus.com/bid/91670 https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02
• CWE-287: Improper Authentication
CVE-2016-4514
https://notcve.org/view.php?id=CVE-2016-4514
Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.
• https://ics-cert.us-cert.gov/advisories/ICSA-16-168-01
• CWE-863: Incorrect Authorization