Vulnerabilities > Moxa > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-24 CVE-2019-18242 Unspecified vulnerability in Moxa products
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail.
network
low complexity
moxa
7.5
2020-03-11 CVE-2019-9104 Insufficiently Protected Credentials vulnerability in Moxa products
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.
network
low complexity
moxa CWE-522
7.5
2020-03-11 CVE-2019-9102 Use of Insufficiently Random Values vulnerability in Moxa products
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.
network
low complexity
moxa CWE-330
8.8
2020-03-11 CVE-2019-9101 Cleartext Transmission of Sensitive Information vulnerability in Moxa products
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.
network
low complexity
moxa CWE-319
7.5
2020-03-11 CVE-2019-9098 Integer Overflow or Wraparound vulnerability in Moxa products
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.
network
low complexity
moxa CWE-190
7.5
2020-02-26 CVE-2019-18238 Cleartext Storage of Sensitive Information vulnerability in Moxa products
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.
network
low complexity
moxa CWE-312
7.5
2020-02-25 CVE-2019-5165 Improper Authentication vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-287
7.2
2020-02-25 CVE-2019-5162 Unspecified vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa
8.8
2020-02-25 CVE-2019-5153 Out-of-bounds Write vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-787
8.8
2020-02-25 CVE-2019-5148 Integer Underflow (Wrap or Wraparound) vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13.
network
low complexity
moxa CWE-191
7.5