Vulnerabilities > Moxa

DATE CVE VULNERABILITY TITLE RISK
2017-02-13 CVE-2016-8360 Double Free vulnerability in Moxa Softcms
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6.
network
high complexity
moxa CWE-415
8.1
2017-02-13 CVE-2016-8359 Cross-site Scripting vulnerability in Moxa products
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12.
network
low complexity
moxa CWE-79
6.1
2017-02-13 CVE-2016-8350 Cross-Site Request Forgery (CSRF) vulnerability in Moxa products
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12.
network
low complexity
moxa CWE-352
6.3
2017-02-13 CVE-2016-8346 Information Exposure Through Log Files vulnerability in Moxa Edr-810 Firmware 3.12
An issue was discovered in Moxa EDR-810 Industrial Secure Router.
network
low complexity
moxa CWE-532
7.5
2016-09-24 CVE-2016-5793 Unquoted Search Path or Element vulnerability in Moxa Active OPC Server 2.4.18
Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.
local
low complexity
moxa CWE-428
8.8
2016-08-24 CVE-2016-5812 Information Exposure vulnerability in Moxa Oncell G3001 Firmware and Oncell G3100V2 Firmware
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file.
local
low complexity
moxa CWE-200
3.3
2016-08-24 CVE-2016-5799 Improper Authorization vulnerability in Moxa Oncell G3001 Firmware and Oncell G3100V2 Firmware
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
moxa CWE-285
critical
9.8
2016-08-08 CVE-2016-5792 SQL Injection vulnerability in Moxa Softcms 1.2/1.3/1.4
SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.
network
low complexity
moxa CWE-89
critical
9.8
2016-07-15 CVE-2016-5804 Inadequate Encryption Strength vulnerability in Moxa products
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
network
low complexity
moxa CWE-326
critical
9.8
2016-07-12 CVE-2016-4503 Improper Authentication vulnerability in Moxa Device Server web Console 5232-N Firmware
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.
network
low complexity
moxa CWE-287
critical
9.8