Vulnerabilities > Moxa

DATE CVE VULNERABILITY TITLE RISK
2020-02-25 CVE-2019-5143 Use of Externally-Controlled Format String vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-134
8.8
2020-02-25 CVE-2019-5142 OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-78
7.2
2020-02-25 CVE-2019-5141 OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-78
8.8
2020-02-25 CVE-2019-5140 OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-78
8.8
2020-02-25 CVE-2019-5139 Use of Hard-coded Credentials vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13.
local
low complexity
moxa CWE-798
7.1
2020-02-25 CVE-2019-5138 OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-78
critical
9.9
2020-02-25 CVE-2019-5137 Use of Hard-coded Credentials vulnerability in Moxa Awk-3131A Firmware 1.13
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-798
7.5
2020-02-25 CVE-2019-5136 Unspecified vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa
8.8
2020-02-14 CVE-2020-8858 OS Command Injection vulnerability in Moxa products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1.
network
low complexity
moxa CWE-78
8.8
2019-12-11 CVE-2019-19707 Unspecified vulnerability in Moxa products
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
network
low complexity
moxa
7.5