CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-19707
https://notcve.org/view.php?id=CVE-2019-19707
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets. En los dispositivos Moxa EDS-G508E, EDS-G512E y EDS-G516E (con versión de firmware hasta 6.0), una denegación de servicio puede presentarse por medio de paquetes de descubrimiento de endpoint DCE-RPC de PROFINET . • https://www.moxa.com/en/support/support/security-advisory/eds-g508e-g512e-g516e-series-ethernet-switches-vulnerabilities •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13701
https://notcve.org/view.php?id=CVE-2017-13701
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method. Se ha descubierto un error en la build 16072215 de los dispositivos MOXA EDS-G512E 5.1. • http://www.securityfocus.com/bid/101966 https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13699
https://notcve.org/view.php?id=CVE-2017-13699
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it. Se ha descubierto un error en la build 16072215 de los dispositivos MOXA EDS-G512E 5.1. • http://www.securityfocus.com/bid/106047 https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13698
https://notcve.org/view.php?id=CVE-2017-13698
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded. Se ha descubierto un error en la build 16072215 de los dispositivos MOXA EDS-G512E 5.1. Un atacante podría extraer las claves públicas y privadas de la imagen de firmware disponible en el sitio web de MOXA y emplearlas contra un switch de producción que tiene embebidas las claves por defecto. • https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13703
https://notcve.org/view.php?id=CVE-2017-13703
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur. Se ha descubierto un error en la build 16072215 de los dispositivos MOXA EDS-G512E 5.1. Puede ocurrir una denegación de servicio. • https://www.sentryo.net/fr/sentryo-analyse-switch-industriel • CWE-20: Improper Input Validation •