3 results (0.005 seconds)

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 • CWE-24: Path Traversal: '../filedir' •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 • CWE-313: Cleartext Storage in a File or on Disk •