CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28697 – Moxa MiiNePort E1 - Broken Access Control
https://notcve.org/view.php?id=CVE-2023-28697
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service. • https://cdn-cms.azureedge.net/Moxa/media/PDIM/S100000223/MiiNePort%20E1%20Series_moxa-miineport-e1-series-firmware-v1.9.rom_Software%20Release%20History.pdf https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.6EPSS: 0%CPEs: 109EXPL: 0CVE-2023-1257 – CVE-2023-1257
https://notcve.org/view.php?id=CVE-2023-1257
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-04 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-40693
https://notcve.org/view.php?id=CVE-2022-40693
A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1616 https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-40224
https://notcve.org/view.php?id=CVE-2022-40224
A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1618 https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities • CWE-410: Insufficient Resource Pool •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 1CVE-2022-41313
https://notcve.org/view.php?id=CVE-2022-41313
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact" • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1619 https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •