Vulnerabilities > Moxa

DATE CVE VULNERABILITY TITLE RISK
2020-03-24 CVE-2020-6993 Information Exposure vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization.
network
low complexity
moxa CWE-200
7.5
2020-03-24 CVE-2020-6985 Use of Hard-coded Credentials vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console.
network
low complexity
moxa CWE-798
critical
9.8
2020-03-24 CVE-2020-6989 Out-of-bounds Write vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.
network
low complexity
moxa CWE-787
critical
9.8
2020-03-24 CVE-2020-6987 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.
network
low complexity
moxa CWE-327
7.5
2020-03-24 CVE-2020-6983 Use of Hard-coded Credentials vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered.
network
low complexity
moxa CWE-798
7.5
2020-03-24 CVE-2020-7003 Cleartext Transmission of Sensitive Information vulnerability in Moxa products
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text.
network
low complexity
moxa CWE-319
7.5
2020-03-24 CVE-2019-18242 Unspecified vulnerability in Moxa products
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail.
network
low complexity
moxa
7.5
2020-03-11 CVE-2019-9104 Insufficiently Protected Credentials vulnerability in Moxa products
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.
network
low complexity
moxa CWE-522
7.5
2020-03-11 CVE-2019-9103 Information Exposure vulnerability in Moxa products
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.
network
low complexity
moxa CWE-200
5.3
2020-03-11 CVE-2019-9102 Use of Insufficiently Random Values vulnerability in Moxa products
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.
network
low complexity
moxa CWE-330
8.8