CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6787 – MXview One Series vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition
https://notcve.org/view.php?id=CVE-2024-6787
This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6786 – MXview One Series vulnerable to Path Traversal
https://notcve.org/view.php?id=CVE-2024-6786
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 • CWE-24: Path Traversal: '../filedir' •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6785 – MXview One and MXview One Central Manager Series store cleartext credentials in a local file
https://notcve.org/view.php?id=CVE-2024-6785
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 • CWE-313: Cleartext Storage in a File or on Disk •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40392
https://notcve.org/view.php?id=CVE-2021-40392
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability. Se presenta una vulnerabilidad de divulgación de información en la funcionalidad de la aplicación web de Moxa MXView Series versión 3.2.4. El rastreo de la red puede conllevar a una divulgación de información confidencial. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1403 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40390
https://notcve.org/view.php?id=CVE-2021-40390
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de omisión de autenticación en la funcionalidad de la aplicación web de Moxa MXView Series versión 3.2.4. Una petición HTTP especialmente diseñada puede conllevar a un acceso no autorizado. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1401 • CWE-798: Use of Hard-coded Credentials •