CVE-2023-39981 – MXsecurity Device Information Disclosure
https://notcve.org/view.php?id=CVE-2023-39981
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities
• CWE-287: Improper Authentication
• CWE-306: Missing Authentication for Critical Function
CVE-2023-39980 – MXsecurity Authenticated Information Disclosure Due to SQL Injection
https://notcve.org/view.php?id=CVE-2023-39980
A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-39979 – MXsecurity Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-39979
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities
• CWE-330: Use of Insufficiently Random Values
• CWE-334: Small Space of Random Values
CVE-2023-4230 – ioLogik 4000 Series: Server Banner Information Disclosure
https://notcve.org/view.php?id=CVE-2023-4230
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-668: Exposure of Resource to Wrong Sphere
CVE-2023-4229 – ioLogik 4000 Series: Session Headers Not Implemented
https://notcve.org/view.php?id=CVE-2023-4229
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability
• CWE-1021: Improper Restriction of Rendered UI Layers or Frames