Vulnerabilities > Moxa > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-21 | CVE-2024-6786 | Path Traversal vulnerability in Moxa Mxview ONE The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. | 6.5 |
2024-09-21 | CVE-2024-6787 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Moxa Mxview ONE This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). | 5.9 |
2023-12-31 | CVE-2023-6093 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Moxa Oncell G3150A-Lte Firmware 1.3 A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. | 6.1 |
2023-12-31 | CVE-2023-6094 | Cleartext Transmission of Sensitive Information vulnerability in Moxa Oncell G3150A-Lte Firmware 1.3 A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. | 5.3 |
2023-12-23 | CVE-2023-5962 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Moxa products A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. | 6.5 |
2023-11-02 | CVE-2023-4217 | Exposure of Resource to Wrong Sphere vulnerability in Moxa Eds-G503 Firmware A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. | 5.3 |
2023-11-02 | CVE-2023-5035 | Cleartext Transmission of Sensitive Information vulnerability in Moxa Eds-G503 Firmware A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. | 5.3 |
2023-09-02 | CVE-2023-39982 | Use of Hard-coded Credentials vulnerability in Moxa Mxsecurity 1.0/1.0.1 A vulnerability has been identified in MXsecurity versions prior to v1.0.1. | 5.9 |
2023-09-02 | CVE-2023-39983 | Improper Control of Dynamically-Managed Code Resources vulnerability in Moxa Mxsecurity 1.0/1.0.1 A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. | 5.3 |
2023-08-24 | CVE-2023-4228 | Incorrect Permission Assignment for Critical Resource vulnerability in Moxa Iologik E4200 Firmware 1.6 A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. | 4.3 |