CVSS: 9.0EPSS: 0%CPEs: 254EXPL: 0CVE-2023-4929 – NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability
https://notcve.org/view.php?id=CVE-2023-4929
03 Oct 2023 — All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices. Todas las versiones de firmware de la serie NPort 5000 se ven afectadas por una vulnerabilidad de validación inadecuada de verificación de integridad. Esta vulnerabilidad se debe a comprobaciones insuficientes de l... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-233328-nport-5000-series-firmware-improper-validation-of-integrity-check-vulnerability • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4204 – NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability
https://notcve.org/view.php?id=CVE-2023-4204
16 Aug 2023 — NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. La versión de firmware 2.2 y anteriores de la serie NPort IAW5000A-I/O se ve afectada por una vulnerabilidad de credencial codificada que representa un riesgo potencial para la seguridad y la i... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230304-nport-iaw5000a-i-o-series-hardcoded-credential-vulnerability • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25196 – MOXA NPort IAW5000A-I/O Series
https://notcve.org/view.php?id=CVE-2020-25196
23 Dec 2020 — The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. El servidor WEB incorporado para MOXA NPort IAW5000A-I/O versiones de firmware 2.1 o inferiores, permite sesiones SSH/Telnet, que pueden ser vulnerables a ataques de fuerza bruta para omitir una autenticación • https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25153 – MOXA NPort IAW5000A-I/O Series
https://notcve.org/view.php?id=CVE-2020-25153
23 Dec 2020 — The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. El servicio web incorporado para MOXA NPort IAW5000A-I/O versiones de firmware 2.1 o inferiores, no requiere que usuarios tengan contraseñas seguras • https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01 • CWE-521: Weak Password Requirements •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25192 – MOXA NPort IAW5000A-I/O Series
https://notcve.org/view.php?id=CVE-2020-25192
23 Dec 2020 — The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. El servidor WEB incorporado para MOXA NPort IAW5000A-I/O versiones de firmware 2.1 o inferiores, permite que sean mostrada información confidencial sin una debida autorización • https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25198 – MOXA NPort IAW5000A-I/O Series
https://notcve.org/view.php?id=CVE-2020-25198
23 Dec 2020 — The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies. El servidor WEB incorporado para MOXA NPort IAW5000A-I/O versiones de firmware 2.1 o inferiores, ha implementado incorrectamente protecciones contra la fijación de sesiones, lo que puede permitir a un atacante conseguir acceso a una sesión y secuestrarla para robar... • https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01 • CWE-384: Session Fixation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25194 – MOXA NPort IAW5000A-I/O Series
https://notcve.org/view.php?id=CVE-2020-25194
23 Dec 2020 — The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. El servidor WEB incorporado para MOXA NPort IAW5000A-I/O versiones de firmware 2.1 o inferiores, presenta una administración de privilegios inapropiada, lo que puede permitir a un atacante con privilegios de usuario llevar a cabo peticiones con privilegios administrativos • https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25190 – MOXA NPort IAW5000A-I/O Series
https://notcve.org/view.php?id=CVE-2020-25190
23 Dec 2020 — The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. El servidor WEB incorporado para MOXA NPort IAW5000A-I/O versiones de firmware 2.1 o inferiores, almacena y transmite las credenciales de servicios de terceros en texto sin cifrar • https://us-cert.cisa.gov/ics/advisories/icsa-20-287-01 • CWE-319: Cleartext Transmission of Sensitive Information •