CVSS: 7.8EPSS: 0%CPEs: 152EXPL: 0CVE-2022-3088
https://notcve.org/view.php?id=CVE-2022-3088
22 Nov 2022 — UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Imag... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2043 – MOXA NPort 5110 Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2022-2043
31 Aug 2022 — MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive. MOXA NPort 5110: Versiones de Firmware 2.10, son vulnerables a una escritura fuera de límites que puede causar que el dispositivo deje de responder • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04 • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2044 – MOXA NPort 5110 Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2022-2044
31 Aug 2022 — MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device. MOXA NPort 5110: Versiones de Firmware 2.10, son vulnerables a una escritura fuera de límites que puede permitir a un atacante sobrescribir valores en la memoria, causando una condición de denegación de servicio o potencialmente brickeando el dispositivo • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-04 • CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 40EXPL: 0CVE-2022-27048
https://notcve.org/view.php?id=CVE-2022-27048
15 Apr 2022 — A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 or lower. and MGate MB3480 Series Firmware Version 3.2 or lower. Se ha detectado una vulnerabilidad en Moxa MGate que permite a un atacante llevar a cabo un ataque de tipo man-in-the-middle (MITM) en el dispositiv... • https://www.moxa.com/en/support/product-support/security-advisory/mgate-mb3170-mb3270-mb3280-mb3480-protocol-gateways-vulnerability •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40392
https://notcve.org/view.php?id=CVE-2021-40392
14 Apr 2022 — An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability. Se presenta una vulnerabilidad de divulgación de información en la funcionalidad de la aplicación web de Moxa MXView Series versión 3.2.4. El rastreo de la red puede conllevar a una divulgación de información confidencial. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1403 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40390
https://notcve.org/view.php?id=CVE-2021-40390
14 Apr 2022 — An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de omisión de autenticación en la funcionalidad de la aplicación web de Moxa MXView Series versión 3.2.4. Una petición HTTP especialmente diseñada puede conllevar a un acceso no autorizado. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1401 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2021-32976 – Moxa NPort IAW5000A-I/O Series Serial Device Server Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-32976
01 Apr 2022 — Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code. Cinco desbordamientos de búfer en el servidor web incorporado en la serie Moxa NPort IAW5000A-I/O firmware versión 2.2 o anterior pueden permitir a un atacante remoto iniciar un ataque de denegación de servicio y ejecutar código arbitrario • https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-32970 – Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation
https://notcve.org/view.php?id=CVE-2021-32970
01 Apr 2022 — Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions. Los datos pueden ser copiados sin ser comprobados en el servidor web incorporado en la serie Moxa NPort IAW5000A-I/O firmware versión 2.2 o anterior, lo que puede permitir a un atacante remoto causar condiciones de denegación de servicio • https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-32974 – Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation
https://notcve.org/view.php?id=CVE-2021-32974
01 Apr 2022 — Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. Una comprobación inapropiada de la entrada en el servidor web incorporado en la serie Moxa NPort IAW5000A-I/O firmware versión 2.2 o anterior puede permitir a un atacante remoto ejecutar comandos • https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2021-32968 – Moxa NPort IAW5000A-I/O Series Serial Device Server Classic Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-32968
01 Apr 2022 — Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition. Dos desbordamientos de búfer en el servidor web incorporado en la serie Moxa NPort IAW5000A-I/O firmware versión 2.2 o anterior, pueden permitir a un atacante remoto causar una condición de denegación de servicio • https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •