CVE-2016-0877
https://notcve.org/view.php?id=CVE-2016-0877
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function. Fuga de memoria en dispositivos Moxa Secure Router EDR-G903 en versiones anteriores a 3.4.12 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) ejecutando la función ping. • https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2016-2286
https://notcve.org/view.php?id=CVE-2016-2286
Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors. Dispositivos Moxa MiiNePort_E1_4641 con firmware 1.1.10 Build 09120714, dispositivos MiiNePort_E1_7080 con firmware 1.1.10 Build 09120714, dispositivos MiiNePort_E2_1242 con firmware 1.1 Build 10080614, dispositivos MiiNePort_E2_4561 con firmware 1.1 Build 10080614 y dispositivos MiiNePort E3 con firmware 1.0 Build 11071409 tienen una contraseña en blanco por defecto, lo que permite a atacantes remotos obtener acceso a través de vectores no especificados. • http://seclists.org/fulldisclosure/2016/May/7 https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01 • CWE-287: Improper Authentication •
CVE-2016-2285
https://notcve.org/view.php?id=CVE-2016-2285
Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en dispositivos Moxa MiiNePort_E1_4641 con firmware 1.1.10 Build 09120714, dispositivos MiiNePort_E1_7080 con firmware 1.1.10 Build 09120714, dispositivos MiiNePort_E2_1242 con firmware 1.1 Build 10080614, dispositivos MiiNePort_E2_4561 con firmware 1.1 Build 10080614 y dispositivos MiiNePort E3 con firmware 1.0 Build 11071409 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://seclists.org/fulldisclosure/2016/May/7 https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2016-2295
https://notcve.org/view.php?id=CVE-2016-2295
Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file. Dispositivos Moxa MiiNePort_E1_4641 con firmware 1.1.10 Build 09120714, dispositivos MiiNePort_E1_7080 con firmware 1.1.10 Build 09120714, dispositivos MiiNePort_E2_1242 con firmware 1.1 Build 10080614, dispositivos MiiNePort_E2_4561 con firmware 1.1 Build 10080614 y dispositivos MiiNePort E3 con firmware 1.0 Build 11071409 permiten a atacantes remotos obtener información sensible en texto plano leyendo un archivo de configuración. • http://seclists.org/fulldisclosure/2016/May/7 https://ics-cert.us-cert.gov/advisories/ICSA-16-145-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-2283
https://notcve.org/view.php?id=CVE-2016-2283
Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. Dispositivos Moxa ioLogik E2200 en versiones anteriores 3.12 e ioAdmin Configuration Utility en versiones anteriores a 3.18 no cifran correctamente los datos, lo que facilita a atacantes remotos obtener el texto plano asociado a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-16-063-01 • CWE-255: Credentials Management Errors •