CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39983 – MXsecurity Register Database Pollution
https://notcve.org/view.php?id=CVE-2023-39983
02 Sep 2023 — A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application. Se ha identificado una vulnerabilidad que supone un riesgo potencial de contaminar la base de datos sqlite de MXsecurity y la interfaz de usuario nsm-web en las versiones de MXsecurity anteriores a la v1.0.1. Esta vulnerabi... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities • CWE-913: Improper Control of Dynamically-Managed Code Resources CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39982 – MXsecurity Hardcoded Credential
https://notcve.org/view.php?id=CVE-2023-39982
02 Sep 2023 — A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic. Se ha identificado una vulnerabilidad en las versiones de MXsecurity anteriores a la v1.0.1. La vulnerabilidad puede poner en riesgo la confidencialidad e integridad de... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39981 – MXsecurity Device Information Disclosure
https://notcve.org/view.php?id=CVE-2023-39981
02 Sep 2023 — A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker. Se ha descubierto una vulnerabilidad en MXsecurity versiones anteriores a v1.0.1. que permite el acceso no autorizado.Esta vulnerabilidad surge por medidas de autenticación inadecuadas pudiendo llevar potencialmente a la revelación de información del ... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39980 – MXsecurity Authenticated Information Disclosure Due to SQL Injection
https://notcve.org/view.php?id=CVE-2023-39980
02 Sep 2023 — A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands. Se ha identificado una vulnerabilidad que permite la divulgación no autorizada de información autenticada en versiones de MXsecurity anteriores a la v1.0.1. Esta vulnerabilidad surge cuando los elementos especiales no se neutralizan correc... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39979 – MXsecurity Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-39979
02 Sep 2023 — There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values. Hay una vulnerabilidad en las versiones anteriores a 1.0.1 de MXsecurity que puede aprovecharse para omitir la autenticación. Un atacante remoto podría acceder al sistema si la autenticación del servicio web tiene valores aleatorios insuficientes • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities • CWE-330: Use of Insufficiently Random Values CWE-334: Small Space of Random Values •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33236 – MXsecurity Hardcoded Credential Vulnerability
https://notcve.org/view.php?id=CVE-2023-33236
22 May 2023 — MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs. This vulnerability allows remote attackers to bypass authentication on affected installations of Moxa MXsecurity Series appliances. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the web-based interface. The issue result... • https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33235 – MXsecurity Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-33235
22 May 2023 — MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MXsecurity Series appliances. Authentication is required to exploit this vulnerability. The specific fla... • https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •