Vulnerabilities > Moxa > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-21 CVE-2024-6786 Path Traversal vulnerability in Moxa Mxview ONE
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system.
network
low complexity
moxa CWE-22
6.5
2024-09-21 CVE-2024-6787 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Moxa Mxview ONE
This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU).
network
high complexity
moxa CWE-367
5.9
2023-12-31 CVE-2023-6093 Improper Restriction of Rendered UI Layers or Frames vulnerability in Moxa Oncell G3150A-Lte Firmware
A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior.
network
low complexity
moxa CWE-1021
6.1
2023-12-31 CVE-2023-6094 Cleartext Transmission of Sensitive Information vulnerability in Moxa Oncell G3150A-Lte Firmware
A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior.
network
low complexity
moxa CWE-319
5.3
2023-12-23 CVE-2023-5962 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Moxa products
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior.
network
low complexity
moxa CWE-327
6.5
2023-11-02 CVE-2023-4217 Exposure of Resource to Wrong Sphere vulnerability in Moxa Eds-G503 Firmware
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application.
network
low complexity
moxa CWE-668
5.3
2023-11-02 CVE-2023-5035 Cleartext Transmission of Sensitive Information vulnerability in Moxa Eds-G503 Firmware
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session.
network
low complexity
moxa CWE-319
5.3
2023-09-02 CVE-2023-39982 Use of Hard-coded Credentials vulnerability in Moxa Mxsecurity 1.0/1.0.1
A vulnerability has been identified in MXsecurity versions prior to v1.0.1.
network
high complexity
moxa CWE-798
5.9
2023-09-02 CVE-2023-39983 Improper Control of Dynamically-Managed Code Resources vulnerability in Moxa Mxsecurity 1.0/1.0.1
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1.
network
low complexity
moxa CWE-913
5.3
2023-08-24 CVE-2023-4228 Incorrect Permission Assignment for Critical Resource vulnerability in Moxa Iologik E4200 Firmware 1.6
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application.
network
low complexity
moxa CWE-732
4.3