Vulnerabilities > Moxa > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-07 CVE-2018-10694 Missing Encryption of Sensitive Data vulnerability in Moxa Awk-3121 Firmware 1.14
An issue was discovered on Moxa AWK-3121 1.14 devices.
network
high complexity
moxa CWE-311
8.1
2019-06-07 CVE-2018-10693 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa Awk-3121 Firmware 1.14
An issue was discovered on Moxa AWK-3121 1.14 devices.
network
low complexity
moxa CWE-119
8.8
2019-06-07 CVE-2018-10691 Improper Access Control vulnerability in Moxa Awk-3121 Firmware 1.14
An issue was discovered on Moxa AWK-3121 1.14 devices.
network
low complexity
moxa CWE-284
7.5
2019-06-07 CVE-2018-10690 Missing Encryption of Sensitive Data vulnerability in Moxa Awk-3121 Firmware 1.14
An issue was discovered on Moxa AWK-3121 1.14 devices.
network
high complexity
moxa CWE-311
8.1
2019-03-21 CVE-2015-6458 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa Softcms 1.2/1.3
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution.
network
low complexity
moxa CWE-119
8.8
2019-03-21 CVE-2015-6457 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa Softcms 1.2/1.3
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution.
network
low complexity
moxa CWE-119
8.8
2019-03-05 CVE-2019-6561 Cross-Site Request Forgery (CSRF) vulnerability in Moxa products
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
network
low complexity
moxa CWE-352
8.8
2019-03-05 CVE-2019-6520 Unspecified vulnerability in Moxa products
Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes.
network
low complexity
moxa
7.5
2019-03-05 CVE-2019-6518 Missing Encryption of Sensitive Data vulnerability in Moxa products
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.
network
low complexity
moxa CWE-311
7.5
2018-12-06 CVE-2018-19660 OS Command Injection vulnerability in Moxa Nport W2X50A Firmware 1.11
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311.
network
low complexity
moxa CWE-78
8.8