Vulnerabilities > Moxa

DATE CVE VULNERABILITY TITLE RISK
2018-10-19 CVE-2018-18395 Unspecified vulnerability in Moxa Thingspro 2.1
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
network
low complexity
moxa
critical
 10.0
10
2018-10-19 CVE-2018-18394 Cleartext Storage of Sensitive Information vulnerability in Moxa Thingspro 2.1
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
network
low complexity
moxa CWE-312
5.0
5.0
2018-10-19 CVE-2018-18393 Unspecified vulnerability in Moxa Thingspro 2.1
Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
network
low complexity
moxa
5.0
5.0
2018-10-19 CVE-2018-18392 Unspecified vulnerability in Moxa Thingspro 2.1
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
network
low complexity
moxa
6.5
6.5
2018-10-19 CVE-2018-18391 Unspecified vulnerability in Moxa Thingspro 2.1
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
network
low complexity
moxa
6.5
6.5
2018-10-19 CVE-2018-18390 Information Exposure vulnerability in Moxa Thingspro 2.1
User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
network
low complexity
moxa CWE-200
5.0
5.0
2018-09-20 CVE-2018-16282 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.2
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
network
low complexity
moxa CWE-78
critical
 9.0
9.0
2018-07-24 CVE-2018-10632 Resource Exhaustion vulnerability in Moxa products
In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition.
network
low complexity
moxa CWE-400
5.0
5.0
2018-05-14 CVE-2017-14439 Improper Input Validation vulnerability in Moxa Edr-810 Firmware 4.1
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-20
7.5
7.5
2018-05-14 CVE-2017-14438 Improper Input Validation vulnerability in Moxa Edr-810 Firmware 4.1
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-20
7.5
7.5